Hi Dears,
Please could you help me, I'm trying to install a FortiGate between three routers working with VRRP and a switch core.
Before the installation the three routers are connected directly to switch core and all works fine the conmutation of VRRP, the traffic, etc.
But when I install the FortiGate in transparent mode between the three ISP routers are problems in the conmutation between routers to be the VRRP master (when the R1 is inoperative), sometimes other router like ISP2 R2 goes to VRRP master mode but the traffic is not passing for the wan port in Fortigate associated to this ISP2 R2 router, we are tried to do many discards like policys, mac address table, arp table, but is not working yet.
Please could you give me some recomendations or what configuration will be necessary to apply in the fortigate.
I'm attaching the configuration file and a topology to give an idea of the scenario.
Thank very much for your answers.
configuration
#config-version=FGT50E-6.0.4-FW-build0231-190107:opmode=0:vdom=1:user=admin #conf_file_ver=162504382649291 #buildno=0231 #global_vdom=1 config vdom edit root next edit MGMT next end config global config system global set alias "FGT50E5618000084" set hostname "FGT50E5618000084" set timezone 04 set vdom-admin enable end config system accprofile edit "prof_admin" set secfabgrp read-write set ftviewgrp read-write set authgrp read-write set sysgrp read-write set netgrp read-write set loggrp read-write set fwgrp read-write set vpngrp read-write set utmgrp read-write set wifi read-write next edit "monitor" set secfabgrp read set ftviewgrp read set authgrp read set sysgrp read set netgrp read set loggrp read set fwgrp read set vpngrp read set utmgrp read set wifi read next end config system interface edit "wan1" set vdom "root" set allowaccess ping fgfm set l2forward enable set stpforward enable set status down set type physical set alias "telefonica" set role wan set snmp-index 1 next edit "wan2" set vdom "root" set allowaccess ping fgfm set l2forward enable set stpforward enable set type physical set alias "internexa" set role wan set snmp-index 2 next edit "modem" set vdom "root" set type physical set snmp-index 3 next edit "ssl.MGMT" set vdom "MGMT" set type tunnel set alias "SSL VPN interface" set snmp-index 12 next edit "lan1" set vdom "MGMT" set ip 10.11.24.4 255.255.254.0 set allowaccess ping https ssh snmp set type physical set alias "MGMT" set device-identification enable set role lan set snmp-index 8 next edit "lan2" set vdom "root" set allowaccess ping fgfm set l2forward enable set stpforward enable set type physical set alias "internexa" set device-identification enable set role lan set snmp-index 9 next edit "lan3" set vdom "MGMT" set ip 10.99.99.99 255.255.255.0 set allowaccess ping https ssh http fgfm set type physical set snmp-index 10 next edit "lan4" set vdom "root" set allowaccess ping fgfm set l2forward enable set stpforward enable set type physical set alias "Lan Cliente" set snmp-index 11 next edit "lan5" set vdom "root" set l2forward enable set stpforward enable set type physical set alias "wan3" set snmp-index 13 next end config system physical-switch edit "sw0" set age-val 0 next end config system custom-language edit "en" set filename "en" next edit "fr" set filename "fr" next edit "sp" set filename "sp" next edit "pg" set filename "pg" next edit "x-sjis" set filename "x-sjis" next edit "big5" set filename "big5" next edit "GB2312" set filename "GB2312" next edit "euc-kr" set filename "euc-kr" next end config system admin edit "admin" set accprofile "super_admin" set vdom "root" config gui-dashboard edit 1 set name "Main" config widget edit 1 set x-pos 1 set y-pos 1 set width 1 set height 1 next edit 2 set type licinfo set x-pos 2 set y-pos 1 set width 1 set height 1 next edit 3 set type forticloud set x-pos 3 set y-pos 1 set width 1 set height 1 next edit 4 set type security-fabric set x-pos 4 set y-pos 1 set width 1 set height 1 next edit 5 set type admins set x-pos 5 set y-pos 1 set width 1 set height 1 next edit 6 set type cpu-usage set x-pos 6 set y-pos 1 set width 2 set height 1 next edit 7 set type memory-usage set x-pos 7 set y-pos 1 set width 2 set height 1 next edit 8 set type sessions set x-pos 8 set y-pos 1 set width 2 set height 1 next end next edit 2 set name "Main" set scope vdom config widget edit 1 set type cpu-usage set x-pos 1 set y-pos 1 set width 2 set height 1 next edit 2 set type memory-usage set x-pos 2 set y-pos 1 set width 2 set height 1 next edit 3 set type sessions set x-pos 3 set y-pos 1 set width 2 set height 1 next edit 4 set type tr-history set x-pos 3 set width 2 set height 1 set interface "wan1" next edit 5 set type tr-history set x-pos 4 set width 2 set height 1 set interface "lan4" next edit 6 set type tr-history set x-pos 5 set width 2 set height 1 set interface "wan2" next edit 7 set type tr-history set x-pos 6 set width 2 set height 1 set interface "lan5" next end next end set password ENC SH2771e6GwlwrspNde0BXz/FjV1uxmMwOnccz7c8ihe6mnNDXtjdr0+DrIXqsU= next edit "monitor" set accprofile "monitor" set vdom "MGMT" "root" set password ENC SH26W736ZxC32ynx1Un4T+MmHM7vhB64Z1/UQOK0zfhHw2cz0E+19vtvImqpNo= next end config system ha set override disable end config system dns set primary 1.2.3.4 set secondary 2.3.4.5 end config system replacemsg-image edit "logo_fnet" set image-type gif set image-base64 '' next edit "logo_fguard_wf" set image-type gif set image-base64 '' next edit "logo_fw_auth" set image-base64 '' next edit "logo_v2_fnet" set image-base64 '' next edit "logo_v2_fguard_wf" set image-base64 '' next edit "logo_v2_fguard_app" set image-base64 '' next end config system replacemsg mail "email-av-fail" end config system replacemsg mail "email-block" end config system replacemsg mail "email-dlp-subject" end config system replacemsg mail "email-dlp-ban" end config system replacemsg mail "email-filesize" end config system replacemsg mail "partial" end config system replacemsg mail "smtp-block" end config system replacemsg mail "smtp-filesize" end config system replacemsg mail "email-decompress-limit" end config system replacemsg mail "smtp-decompress-limit" end config system replacemsg http "bannedword" end config system replacemsg http "url-block" end config system replacemsg http "urlfilter-err" end config system replacemsg http "infcache-block" end config system replacemsg http "http-block" end config system replacemsg http "http-filesize" end config system replacemsg http "http-dlp-ban" end config system replacemsg http "http-archive-block" end config system replacemsg http "http-contenttypeblock" end config system replacemsg http "https-invalid-cert-block" end config system replacemsg http "http-client-block" end config system replacemsg http "http-client-filesize" end config system replacemsg http "http-client-bannedword" end config system replacemsg http "http-post-block" end config system replacemsg http "http-client-archive-block" end config system replacemsg http "switching-protocols-block" end config system replacemsg webproxy "deny" end config system replacemsg webproxy "user-limit" end config system replacemsg webproxy "auth-challenge" end config system replacemsg webproxy "auth-login-fail" end config system replacemsg webproxy "auth-group-info-fail" end config system replacemsg webproxy "http-err" end config system replacemsg webproxy "auth-ip-blackout" end config system replacemsg ftp "ftp-av-fail" end config system replacemsg ftp "ftp-dl-blocked" end config system replacemsg ftp "ftp-dl-filesize" end config system replacemsg ftp "ftp-dl-dlp-ban" end config system replacemsg ftp "ftp-explicit-banner" end config system replacemsg ftp "ftp-dl-archive-block" end config system replacemsg nntp "nntp-av-fail" end config system replacemsg nntp "nntp-dl-blocked" end config system replacemsg nntp "nntp-dl-filesize" end config system replacemsg nntp "nntp-dlp-subject" end config system replacemsg nntp "nntp-dlp-ban" end config system replacemsg nntp "email-decompress-limit" end config system replacemsg fortiguard-wf "ftgd-block" end config system replacemsg fortiguard-wf "http-err" end config system replacemsg fortiguard-wf "ftgd-ovrd" end config system replacemsg fortiguard-wf "ftgd-quota" end config system replacemsg fortiguard-wf "ftgd-warning" end config system replacemsg spam "ipblocklist" end config system replacemsg spam "smtp-spam-dnsbl" end config system replacemsg spam "smtp-spam-feip" end config system replacemsg spam "smtp-spam-helo" end config system replacemsg spam "smtp-spam-emailblack" end config system replacemsg spam "smtp-spam-mimeheader" end config system replacemsg spam "reversedns" end config system replacemsg spam "smtp-spam-bannedword" end config system replacemsg spam "smtp-spam-ase" end config system replacemsg spam "submit" end config system replacemsg alertmail "alertmail-virus" end config system replacemsg alertmail "alertmail-block" end config system replacemsg alertmail "alertmail-nids-event" end config system replacemsg alertmail "alertmail-crit-event" end config system replacemsg alertmail "alertmail-disk-full" end config system replacemsg admin "pre_admin-disclaimer-text" end config system replacemsg admin "post_admin-disclaimer-text" end config system replacemsg auth "auth-disclaimer-page-1" end config system replacemsg auth "auth-disclaimer-page-2" end config system replacemsg auth "auth-disclaimer-page-3" end config system replacemsg auth "auth-reject-page" end config system replacemsg auth "auth-login-page" end config system replacemsg auth "auth-login-failed-page" end config system replacemsg auth "auth-token-login-page" end config system replacemsg auth "auth-token-login-failed-page" end config system replacemsg auth "auth-success-msg" end config system replacemsg auth "auth-challenge-page" end config system replacemsg auth "auth-keepalive-page" end config system replacemsg auth "auth-portal-page" end config system replacemsg auth "auth-password-page" end config system replacemsg auth "auth-fortitoken-page" end config system replacemsg auth "auth-next-fortitoken-page" end config system replacemsg auth "auth-email-token-page" end config system replacemsg auth "auth-sms-token-page" end config system replacemsg auth "auth-email-harvesting-page" end config system replacemsg auth "auth-email-failed-page" end config system replacemsg auth "auth-cert-passwd-page" end config system replacemsg auth "auth-guest-print-page" end config system replacemsg auth "auth-guest-email-page" end config system replacemsg auth "auth-success-page" end config system replacemsg auth "auth-block-notification-page" end config system replacemsg auth "auth-quarantine-page" end config system replacemsg auth "auth-qtn-reject-page" end config system replacemsg sslvpn "sslvpn-login" end config system replacemsg sslvpn "sslvpn-header" end config system replacemsg sslvpn "sslvpn-limit" end config system replacemsg sslvpn "hostcheck-error" end config system replacemsg ec "endpt-download-portal" end config system replacemsg ec "endpt-download-portal-mac" end config system replacemsg ec "endpt-download-portal-linux" end config system replacemsg ec "endpt-download-portal-ios" end config system replacemsg ec "endpt-download-portal-aos" end config system replacemsg ec "endpt-download-portal-other" end config system replacemsg ec "endpt-warning-portal" end config system replacemsg ec "endpt-warning-portal-mac" end config system replacemsg ec "endpt-warning-portal-linux" end config system replacemsg ec "endpt-remedy-inst" end config system replacemsg ec "endpt-remedy-reg" end config system replacemsg ec "endpt-remedy-ftcl-autofix" end config system replacemsg ec "endpt-remedy-av-3rdp" end config system replacemsg ec "endpt-remedy-ver" end config system replacemsg ec "endpt-remedy-os-ver" end config system replacemsg ec "endpt-remedy-vuln" end config system replacemsg ec "endpt-remedy-sig-ids" end config system replacemsg ec "endpt-remedy-ems-online" end config system replacemsg ec "endpt-ftcl-incompat" end config system replacemsg ec "endpt-download-ftcl" end config system replacemsg ec "endpt-quarantine-portal" end config system replacemsg device-detection-portal "device-detection-failure" end config system replacemsg nac-quar "nac-quar-virus" end config system replacemsg nac-quar "nac-quar-dos" end config system replacemsg nac-quar "nac-quar-ips" end config system replacemsg nac-quar "nac-quar-dlp" end config system replacemsg nac-quar "nac-quar-admin" end config system replacemsg nac-quar "nac-quar-app" end config system replacemsg traffic-quota "per-ip-shaper-block" end config system replacemsg utm "virus-html" end config system replacemsg utm "client-virus-html" end config system replacemsg utm "virus-text" end config system replacemsg utm "dlp-html" end config system replacemsg utm "dlp-text" end config system replacemsg utm "appblk-html" end config system replacemsg utm "ipsblk-html" end config system replacemsg utm "ipsfail-html" end config system replacemsg utm "exe-text" end config system replacemsg utm "waf-html" end config system replacemsg utm "outbreak-prevention-html" end config system replacemsg utm "outbreak-prevention-text" end config system replacemsg icap "icap-req-resp" end config system snmp sysinfo end config system central-management set type fortiguard end config firewall wildcard-fqdn custom edit "g-adobe" set uuid 62095e0c-24b6-51e9-fd50-c1cfaea313c9 set wildcard-fqdn "*.adobe.com" next edit "g-Adobe Login" set uuid 62097004-24b6-51e9-513f-aff9cf810e2b set wildcard-fqdn "*.adobelogin.com" next edit "g-android" set uuid 62097df6-24b6-51e9-caeb-ef4d3f190810 set wildcard-fqdn "*.android.com" next edit "g-apple" set uuid 62098abc-24b6-51e9-1ce8-ac891bfb4861 set wildcard-fqdn "*.apple.com" next edit "g-appstore" set uuid 62099750-24b6-51e9-a356-ed8ea5c98d71 set wildcard-fqdn "*.appstore.com" next edit "g-auth.gfx.ms" set uuid 6209a3e4-24b6-51e9-c323-ed1fbbf15ccf set wildcard-fqdn "*.auth.gfx.ms" next edit "g-citrix" set uuid 6209b2bc-24b6-51e9-5cd4-b5050922c021 set wildcard-fqdn "*.citrixonline.com" next edit "g-dropbox.com" set uuid 6209c07c-24b6-51e9-10d1-2e897d56a4e0 set wildcard-fqdn "*.dropbox.com" next edit "g-eease" set uuid 6209cd2e-24b6-51e9-3e65-2968d77f120d set wildcard-fqdn "*.eease.com" next edit "g-firefox update server" set uuid 6209d9cc-24b6-51e9-3e71-3a2404fa2f9b set wildcard-fqdn "aus*.mozilla.org" next edit "g-fortinet" set uuid 6209e674-24b6-51e9-c57e-d0598549ff65 set wildcard-fqdn "*.fortinet.com" next edit "g-googleapis.com" set uuid 6209f4c0-24b6-51e9-df8f-0e829e426c7d set wildcard-fqdn "*.googleapis.com" next edit "g-google-drive" set uuid 620a01a4-24b6-51e9-1122-ef9626bda333 set wildcard-fqdn "*drive.google.com" next edit "g-google-play2" set uuid 620a0e6a-24b6-51e9-6d47-eccb4a033048 set wildcard-fqdn "*.ggpht.com" next edit "g-google-play3" set uuid 620a1b1c-24b6-51e9-e591-2ef9d159a928 set wildcard-fqdn "*.books.google.com" next edit "g-Gotomeeting" set uuid 620a27ba-24b6-51e9-4380-bd3ac82db229 set wildcard-fqdn "*.gotomeeting.com" next edit "g-icloud" set uuid 620a39e4-24b6-51e9-7a5d-ffef574171f3 set wildcard-fqdn "*.icloud.com" next edit "g-itunes" set uuid 620a4902-24b6-51e9-b118-dc02f0577f69 set wildcard-fqdn "*itunes.apple.com" next edit "g-microsoft" set uuid 620a5604-24b6-51e9-8a25-7dceb362ea9c set wildcard-fqdn "*.microsoft.com" next edit "g-skype" set uuid 620a62de-24b6-51e9-b1e3-1c04ec2e2e1c set wildcard-fqdn "*.messenger.live.com" next edit "g-softwareupdate.vmware.com" set uuid 620a6f90-24b6-51e9-a136-1beec3f2cf7d set wildcard-fqdn "*.softwareupdate.vmware.com" next edit "g-verisign" set uuid 620a7c38-24b6-51e9-ea8f-9b3e047e8298 set wildcard-fqdn "*.verisign.com" next edit "g-Windows update 2" set uuid 620a88e0-24b6-51e9-8e2c-0a9f527d4d8a set wildcard-fqdn "*.windowsupdate.com" next edit "g-live.com" set uuid 620a9592-24b6-51e9-e10f-d1aefbd77e8d set wildcard-fqdn "*.live.com" next end config ips sensor edit "g-default" set comment "Prevent critical attacks." config entries edit 1 set severity medium high critical next end next edit "g-sniffer-profile" set comment "Monitor IPS attacks." config entries edit 1 set severity medium high critical next end next edit "g-wifi-default" set comment "Default configuration for offloading WiFi traffic." config entries edit 1 set severity medium high critical next end next end config application list edit "g-default" set comment "Monitor all applications." config entries edit 1 set action pass next end next edit "g-sniffer-profile" set comment "Monitor all applications." unset options config entries edit 1 set action pass next end next edit "g-wifi-default" set comment "Default configuration for offloading WiFi traffic." set deep-app-inspection disable config entries edit 1 set action pass set log disable next end next end config dlp sensor edit "g-default" set comment "Default sensor." next edit "g-sniffer-profile" set comment "Log a summary of email and web traffic." set flow-based enable set summary-proto smtp pop3 imap http-get http-post next end config certificate ca end config certificate local edit "Fortinet_CA_SSL" set password ENC PuOM4gHkHuJPcL3+KLTzJH++aocij+h9mpsNxI0X82ZcYhAnP8YpKcV+CwfZMnY81vMazAO2gDkfJroysgzUW4UWPSkLKNFp13XLcKR4BJv67mYP4w2V4H2SuR4HeDCe+lVAE6qXYLy7bmjC3bYWJaLaOyFZssmJMcI5wAnxb0PFxZwWPMwxaL7Sl5NMLCZWECsDaQ== set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates." set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIkArPVFfU6OQCAggA MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECNCAv5ygMcoaBIIEyOhfnoarkixr lBi9oyZcxaphdb6sR3WRbHcHuVeFl+cHC878rHsYOIHrT5QUq8hnL+8ab0IfC4J/ ZmsaT1XZXqQzBwBSqXYJSOTJqQicC22WJyYfRoQjac61PiWdg5P3QQLyEItANg90 UG4/PFikcHaPGv1eb2VoTxTb+vCRpgJFz0Oew0kde1PxFv9b5DwVWKlLPNSRL5tE bvauVCWPOuRjWrdui947qvlYlMvVpaeeWWPMuIsRM36urHcBKGisNeWz9/aRC23b dUPZ2KyKySRzA55+vaKqPEpsFBb8Q5uqFMjD0l5euzpJ64/pc1at2k9LdCevB4GQ LjBqKrTNvHoIWqV/LmtPUw+cbXgxcYHraDjV6kOYXhzy/4OYSiuD3eRuwfzczvqm 8MiJyEcH6xR+jEL2JLR0I+IXMm4+tqyKHaBlISIbziV5c05kbxXuqswqLfX9aAPD GUEQRu8OBwplWgDm3NlIFdZ101K7NzswP6ugMXMa19ixndpvf86WVgLH6CEkLwuu UZbeO/h3z12VPNGnGEFAoG/XzgPzyFUlE9sC0Le4KzfCtVodGaIj1Z9lZLbjdj2e ZtCLOE+ma0QRzpVmgkiAGRr6Dng+XMoBRwXoAG+fUDMKHAylENcEOEcLtzrPiPcF 2DvZYw8Z0TpAitcRDSLEwdtE/CpFR/RWzwzS3lz8CxhvsmkxBxCAOz6N7qwJo4mE 27UKoRp7Zspgxo5jYwRhsP10/nXy62tGKr5TM8p9B/LGFmjCuYr0ubZyK2vd09g0 DbtrUxXP2p3ol+t8oK84mq2eLf73B/g9nHXQ1NBBQiljFVvOmSbNKrnDRIfdjhgE QCvUfWNjgTtXH1PzMW6aocIbdWUbXsX8hVp349w4OlG7st8yQ+X+Oz1VpS6vKCZW 9ZxrUpFEQ52JHW1xbZS/Ivs5eWkVgclGoI2ZUuxQymrYKFlLfqQWGstmpmuGvDDs 2wqKXjyk+DEKFsTabWJK2baVLZPLcHa3u35dAImoopQTUpkuRRyNrY5WlNYH+lzx n1L4+2CocJD9FbaILiUrcRwHQL7MCd9pxS1c3j+nuVXfsHDve14EEl2cPvTXZBQB ogk2u+8YcNbISpQQYd1rfpeT1+mycDAWWj/NVMt3YiTHO/sQvqxL6UITDhJs4dXN pQCJlYnQrJBQH2lqENerhMKxKSzx6mPWB0VpWFazlbQFOsSa9lzhlv1N70yD2OtP Gg7TtJtyMskQHQaT5QSRfQgc+aERIyDUiAZWwEuKeRbAlLsy4Odvbmk3nCZCXLR3 Xe1j/kUmzIqvRogaOIuawkFdW0C4xyF0DBqlATLhAROjWsc5MAtmd+ekO3cUyJ7J b76lf5RWMGr8e7SHACKstz9rtPZPC01zs8gcbi1/YOMx9J7JP6F24hSYiryiX0lT ToNaq02lhqZfqVbD0/lx2PIVaCUEuJx2uH9C4elZridg//7FjuqNsl8zfdMIKf1/ LPGLKwwRUK/qSx7xfn0cuWC1MIasGTH/zPlcs9CLHIH7jKpy7E16atUnGtGaoQ2m haGheXmMWAQN2dnGKePTxA+abvVd3Jh2N6sMioAaHKluJJj6h6WAow2kxEGYdnqx pkyXFxSVNNKfyIO9lOz+LQ== -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIID4jCCAsqgAwIBAgIEDkzaHjANBgkqhkiG9w0BAQsFADCBqTELMAkGA1UEBhMC VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G A1UECgwIRm9ydGluZXQxHjAcBgNVBAsMFUNlcnRpZmljYXRlIEF1dGhvcml0eTEZ MBcGA1UEAwwQRkdUNTBFNTYxODAwMDA4NDEjMCEGCSqGSIb3DQEJARYUc3VwcG9y dEBmb3J0aW5ldC5jb20wHhcNMTkwMTMwMTczOTQ4WhcNMjkwMTMwMTczOTQ4WjCB qTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1 bm55dmFsZTERMA8GA1UECgwIRm9ydGluZXQxHjAcBgNVBAsMFUNlcnRpZmljYXRl IEF1dGhvcml0eTEZMBcGA1UEAwwQRkdUNTBFNTYxODAwMDA4NDEjMCEGCSqGSIb3 DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQC/qC2nnp7fT83LX5IuTwGzgma6yay1PHpVRYnHwInUvZrOGzIz TGxl8Ld5VM3/BKEc7r/9a+miS9lxKN+wnDYKh2NOx5yY5PxRyavFwcvbvnlKz/oL S3GgoO/7IEYabk00Br0Ro24ij/I+5/AoQIcqy2R32HFGQX6yBFZQFgCprn1gOe5a Avd7f/O1MzNTctmsShHoGKh80DXHSkaX1dSQ85O9ACahxi9+mDS9PiDeu1lXmmgG HAu7PwtDeqYB5+IOraGULX2fFmzxNG89578oywIPb9JVxbmmCwYJnOQwcD3ogEuK GO3UXRSWw9C8G944jPcYxPkwUTF3LkH7C1PbAgMBAAGjEDAOMAwGA1UdEwQFMAMB Af8wDQYJKoZIhvcNAQELBQADggEBAGlvyq9z6ChLZrcpSOjn8c5mnmQRIq42uVdv sQ5MHptyUkxkpW4UV8ttt5MWDm4e7AJvgoS/hZcN4Whp8oP2J0MtZK3c+O6lH99K mYeAqwr3GtldUW5LAnUYImx1C3GSt8WvkmF7Lovr6zEsnb7DAN7dGRJrKgA8e4/r wJMcSdUnwODKPr8bEILyr2tyy6R4CHDzLnBKjDhMQkzLDqj9g2W/8QtrXFRQXub1 LR0Gosu+RGZsQjGDSF2uBVKccEHOXVhfAu+xArltzvapfwYGPsWLLya4CnpWvBux QflZ707Ylzl+pxyz84DeKhcdQ95KFfT6ov+b4vEKm50/bVeWadQ= -----END CERTIFICATE-----" set source factory set last-updated 1548869986 next edit "Fortinet_CA_Untrusted" set password ENC YOqhDAOzfj/CDMo1t5IT/TLTmzIflAyTjclbiA4ewlrelByUbSs/QKUwkFnqkYLnlzVH+JJD3n8pHjA8CkzFwBEiBZu6kjPcPY+cOCZtrUMgzwiHgaIu9y3WwTHDSdWTP+qeSwjZRaSCmGL5NKjkx6ht35RKnLWL78x15j4Bmik1wOWxQhn8/O+shAupLBaqr0LuYw== set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates." set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIPEvyL3/fCE8CAggA MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECESdT7RmuwvsBIIEyGPhSuTfQxay xlH36h650SlBZ9k++ej/sAB+likC8WNRUkfcu+B3Q2CjSeRmG+V6ERDqJceEqAP2 LejVfTi0JJbYPUa/Wj+HUUom4qBpl0LOkkh4wubkYpMaAkTxrGMmlYgqjfYjIVqe FDm4lAnM6adE1THuHwDyUbUqeDG+jYgMxPmfn4/LEyDRRAVsgd/pyI8DtF4NDnwC xoaCBEvZnkzo0UBoeWvwEQ1rFyfxawuZLU2sFl3MlTfCIvZhZYLyX92W8ajcDiPu syldbMvx4rgLNX3sVzb2ft8x4XDQf0WdRLJxzcqQYzWeYAyiyWKHd6D63pQ2nr4e HfxHnw2SO3SeCuOajiriCqX2mrUExW2+NJ8EVVkLFhDBW9ooqjNwOiB4TgPZMwu8 Zod2ozh1dlOCENxonwaWqjML7Q2r4ybAyxbFDG8w1n7N0w4NQJF/nvevMCv4zehO acl4Bz3+NqHXkKGiQstMGWEauGOXamhwHDnAlpcNrZFIrluF77PlJOqxs0mDqe9o +OU1v/03Ia5DwfbXC42JmjGDoePaynPR+CZEsJp9di2uGd+01uBOuIMZ8c+lCDhq R0/Ze4jpB+z1mwqMxWFWoscXI0twJpP1lUrM5TrOKKLXNLQaMMQWtl9kydfAUD5j eVr9rN7DJ3OG2HF3HN6RoXpHAhoAB1+meAh5Sb2FCLLz84BnsAtvCApRDLVHbSYR yk6Y5DQ13j3JRasB1AW3+adPK1RlVHrzacM5UjLpg01YRYsXyeRimz6RvUc7iVEe HFpWpeVsvki0Edlw+T01M7NaG+6rVP5E03f/8NlkKHSwh2TB8ICGr7GdiZoS/SZq vLUw15PGawByc87li32kiH4sh3qmhy4I8ByHj7wFBgs366NGh2JNMWJzrDQ3dadU jiugFqzd80GUXS98tfv5UUVC2upUsTR6L24C6+jp7D/qW9nDangYDAt7q4zXb3ec 57VxJVi9CD3tOUfMZpu13FcqqkTPl2ew+DLHkMUt/MDuwYlA/5446/E3hS/vGp8V mITj7Q/UDWvR3QK/gV3cm3DSxqlWJIYI4NPRCHizvd0ZyckKr1I8SKgQtodavSZe xr4CJXteS41iY+U8dGwzMGfOByHD+Bea+vlkR6h2i778V+Ty07hqmD3OnLxVns2V bEYHDK1ccVvUmOI9A3q8Fo4x5IbWnWAwoQB/1IM3i2Eyi/i8vvPvSmC0bWKTt05K VlDH8Z+xG+E3ugW62S2KSEJCiPDoyKIi+6uuQgumQ9+I7brHoDO0hJlE3dCbJN+9 8Q6cKztd5+e9rvjJ3h13eDjYYKXocrKsE33XZaFQyGC6+ZiH0Q06UwDLlrDkchsp tRKju8pI8qzPKWGnMN0W6lVgbmFjfkBJ7aAuRt32yocII9+r8MOhK03sdHKrJsg6 oGI2qzX/MSZzcy21mtZydJiOC8q2Fb6F1EtxJ9MZkXH6FSVBAedZyCMez3nt1d2v m519SzMdoyJQ+lgWb9CeWLAA17Y4AcxcYlPJ5XWOSnqatG2K0yJi/jYrwutDXITj Nt2W+t5CFO6gnO7keZun0DLNOlBProfPXjB7ubgTYtvf2WJycKt9v75QQRz567jt gx1Thfyfrgl2uk6Cxmngbw== -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIID7DCCAtSgAwIBAgIEX6xzEzANBgkqhkiG9w0BAQsFADCBrjELMAkGA1UEBhMC VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G A1UECgwIRm9ydGluZXQxHjAcBgNVBAsMFUNlcnRpZmljYXRlIEF1dGhvcml0eTEe MBwGA1UEAwwVRm9ydGluZXQgVW50cnVzdGVkIENBMSMwIQYJKoZIhvcNAQkBFhRz dXBwb3J0QGZvcnRpbmV0LmNvbTAeFw0xOTAxMzAxNzM5NDlaFw0yOTAxMzAxNzM5 NDlaMIGuMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UE BwwJU3Vubnl2YWxlMREwDwYDVQQKDAhGb3J0aW5ldDEeMBwGA1UECwwVQ2VydGlm aWNhdGUgQXV0aG9yaXR5MR4wHAYDVQQDDBVGb3J0aW5ldCBVbnRydXN0ZWQgQ0Ex IzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMIIBIjANBgkqhkiG 9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5N9r8XAEJQJ/d9EeQweR80MJ1IESRiRkvYgC jm1rFxt7sq4xMTWIXpIQnq5VoqFUbLx+wfwzknzPh4Iaf30HxWAPyZpAyRx06JEh qegVIDI8sW8WIehP9n+QVidm0FPwQ6/fFvUXZ8QIJVs22gOPjcU8R/dFdA2Vnd8H xOMFng/fkYqePdGcCTe6nyIaYT22b7/5qtQrVUvs21MSgExVXC7/pACHSh4ZLV8B FdHC9ClwDJlcsJW3VxFMleR7rVb9P54o41T0gttDSTn2/CpEDlvKM5iwT4kafz6k qA8d7lND3kWoqCTSNgP5r1HszN5qMR3LOS465V80851tqSoHPQIDAQABoxAwDjAM BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAGlI1+WeH5JZTrV2ZUSwvZ s20PbduwLP6fb77RgchvYUwLHQxf4Xd4G1VEDtjtID9SeHACLQejwwHV9XwpHNP0 jZcdu4ekmEbmyRaOoaBjwxdOOeFTefGzC99QskdPkNco9XCtkRcPoPVpRQKlVDGs SnAMVz5emWnYTFnvbhoUUdhlLR2o0FCOwAMwHIZQ9DwGoGNfucx2uetiqnaOg9E8 KS0C93dtOBhWym5cN/RKaLDISdBdh93enmaaIV0mrsFsw6QY0zduRdgSS+XmhFwG oG33S4KyxZo0HfpBvN6xUU8v1zR11wf4hcUp5o+TKqqjPA02LP9R7No5MvghYr1C -----END CERTIFICATE-----" set source factory set last-updated 1548869988 next edit "Fortinet_SSL" set password ENC LcvgLrswuK+M9l/TdwrVoiom2rIpABT9tnszJZQlU7fMZ/WkQeXaBzzGRDcjFM9cIAYDJci7k+WFxg0XUlJUCV69tvj4ICY1t7Y04nQRyR2xfGHHsPGcVaboyemcngoJTMBJuGmxXHEjxCm8WaFyV11LyFFl2jvw07hdZrtqbhSdo/lv7aOEVdFhPITPyz59GkSSVw== set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIWhAyErYOmlcCAggA MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECMdvVYevEptFBIIEyPT0Mf0XaUvI aSVnKi0hQRWXU26d/2GTuFqBynEv9kx+rj3hKeUXTPmC3h2plIJiSuEPVVOaJqdO SSaUcpOP6PUDq07dWLgH8Xxe359cbfUYcyTdlAjoRhlVYFuos26tDPwrq8aXABCI ukuBVYPI8dZadqT0o5Tb96VYKFQ5DEnEISGzLvsm8AM/ZkRhbRz/sCR9ThYdqi6s 6g4+6v4hiW4Kh6aDIveIaceNt2qdsqYDH3iEmk/1aI/St5TZSr78Fp9TqfqzzwCS A5W+ZM54TEUBG1yp/W66KzoHrsfty+bOSyApcQXJc++FgJQyFt/csdZKps6xRByD di1k3nIU3IBYjGOS98i8E8+52F43J5VqdceAKor3DujuAeg30x9tB68BsGJ8hArn CvNMHL+G2duqZ4bqtLJamWMlFaU37U5SSY7gOcIjXALFVu8X9RZEJ5SR8/fPkii1 IKEWXHzlZfrOkIon+d7Qbbm9gxZi9+rIdXMak9wBgSVDNpfEuxQum7r71fTIUyAT mrxQ5ierq6hU/2sEZdwQjNWdWSicHq4T3ljdN3zh6cYpJGnr1kma8rhUIyMxqMjj jtG24Ez8tNdC0Q00jXH3Uw7HesATSu8Zq+zsdNIHjMtYjgNhIt6HG1auSFWxWvPt +ieaiPltW5ah+rXiUGACS5mpWD+FPdZO8dnZoYN+tglPFpnhgfa6nNTRIAo9zIQ4 4PZqlPy4cLldLKWqxcX21NRwiVlrsWvKdcmc5y+hwsENWtEBiouN0kopXyV+/7h1 ydwdVk6/VO3eVO5WctP/Qd1FFOBlpdX1tF29SJKIgRoA0l5w4tns48b+ABjYsDYx 8o+3EF0hBjais/fShf7Iiah13k72Mi1Z9KKi3SE8odSR64EDG2QE0smV/wPvPoXa CgXjNACXf7egNnEoJOVKZ3o3y0fWjQwC3LVM0dj6fD8lGm0OmWlZduqsvkzJXxxm UmlbmcS+JaKs8g+XumUvILYLdKgW4kqa5KzADjNPqFYfrOfDEX8TIwzBHX0XXf+f SnXJA1s0SGeW16yp+wJvqEx8WMfEZGoezoIDv/bN9M92BMr7XRZH8DV57C2yqXXd no16F0DM0vAojC2JW6xFlyZnR/FMDiRceTcxvfnv4Jn0DaPhIayM24FKfEx2Qd9r XFxezyZ9AaZNrNAZEv6kBGv4ALQJytmv8T1auGVH1Corz9AU7ogeBkPHMInLFsw9 nUkLDRVNS8T2jKYhHonBXTZwU3rm4dZhn9RuNPM5U4LPMd8zPbvSdzUErEaMi57T 6rdjwTvjmArUup91e77w7K7VEo8gjjxyDU0hkWr5P2POCL1ScH2vMzmrqQOe1Nf1 S7YMXZUB6t4f67/OSKJEXE3+BzmKmiEyR5KbqM7ByuIh3x+ftUcEyCt6ibrWqS1Y RWCgKCqCK+8+3PUB1fWzUQxAi4ZDlHixb1WB9mFP6bYvnx/U2JOcd0+5y1SwSe2w zNZBbUJEc5KC9RqG8vB1xkEuAgzQstr0sXocyaKzy55xwOMvb/8lOvmbOrBGsmCi vlF3S6tEjSuyLZHGDnvz8I5V5/8nEMuDnlnc4Izka/IgShkTs7uUoXn0Na/7KCow Wd9JX0dPwTAuTqQnIJLUqA== -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIIDxzCCAq+gAwIBAgIEcCuHvzANBgkqhkiG9w0BAQsFADCBnTELMAkGA1UEBhMC VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G A1UECgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdU NTBFNTYxODAwMDA4NDEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5j b20wHhcNMTkwMTMwMTczOTUwWhcNMjkwMTMwMTczOTUwWjCBnTELMAkGA1UEBhMC VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G A1UECgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdU NTBFNTYxODAwMDA4NDEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5j b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTh0Lk4unzw5N2XlTP oNgqI8vSLP1GDPwrolPLI7/gszKamBhzKC63Kl+Vrqm9GdszQ7rLwNYBWM4ox/V/ jrw+/ZJQA7aO9tB+7ucWvI4kSI8SMUyVe8IPMCeO6fNqUSAf5syzLtcnSkzT5d/K QT9CMCpmb6vrshF0z9dKcat9CX5zD1xJHJem7HFPzWZ6o1eWrKWWtlMBnZMyoAJB ZbB5sLtlFPorWzZ0MBhYYArCHTc60Ftoif6CWmsJ21vQGQsM/GBEx7sJONQFvP52 DF8kO0copKVcnd+XzOLqWoNVoFzKVLDyi8HVGsvzXk38iE2RCiULEeaGZzv8RbzV zWmtAgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBABt/HT7Q TJ2VvMVo0t+g7pxO5RMbJvLZe9I6Iy2w9IZAR/fHZlykw5iTD9aZfL6OGBEexbDR /YyRTIr2IzwLzBjWPX8wS+CTH7eVhavXEydUmUrWxLlICvTF71H9LI6/rVAqEHrw 5YlWSS0QhINS8LM7p2pbol11hR9ctx+YBQHYieVb09OjkrvO7jizDYUOwLlAdHlg EaMXIPeQfVPfFfiX+tQjr7lUrUqhBgWNo3Y6Wc82khcc6cHi1qhiRl0rhFZJFAVB SyN6m4oNDibP6fmAu4FMtGOlwOBwySxsvyP637NB9qAQ46jdwTaG1NgUraUj+Iv+ 3+Y52mW/VXbQrbw= -----END CERTIFICATE-----" set source factory set last-updated 1548869989 next edit "Fortinet_SSL_RSA1024" set password ENC 4Nee3gyLEUx8pLeVR1RNolMISiSbJGkPDiDLCVLhWPnhK7U3LBFTpusEzZxYuyppDuBzpw+D6eAgchCP1a2/vLLhQP3WfEif7tcbGatVrKI02hJo7VCG0uVoZPJDbSINA3+6DLV3DtgD368oGmb0kuQ5Xq2jNjJt/cSF6hw3mDoPKyDJM18x6J2okM4lUygDWv69VQ== set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIIC1DBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQINPKiODMa3FUCAggA MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECM8atv6c0U3kBIICgE1KJMSQnrMw AGQc4FP8AtpJaO32Am8KotEyvPV5SH9BO0R/g3Ohk/g6YmAxYeJ51rLdumuQbqfJ d1blV0269HM9sLXbdATAVWmEmi0SQErYE/bqzG3mwOmSFK/EW7I+hgMjFqog1P3n fJ4UrDxFD5ox1769lALIhkJQLstvK+9Ly5z5pknuHfkVBR/nEveRvH8hBWVqOA+z Rf/Cu/UokIiFfsmQnKAvnZ1FzOQP6O3723b49W/Z/uyjcqzFA83k+Jvj+szSx3Qt kD1r8cMF1QriYE+jsMwN48nzHUkXQN3MDbJD/Xz+KCnWzEpbZCPphI17yzzFMqMV uguCy9tTMAtJHChEZJZKE/QvFllHloIVtf8+VgB2rPpp42sLLkzwRNGnSfbH63YW osS6Byw8zrso+L+arOOdSrrA7sYT4nzGBOpj2OgpgQNeg0GgvOEyU/9L2sRdqim8 1Wm1rjH28ndWmVoBJr2nv6y7cyJmI7Ov/av5/oQAbCg1noK4nJpQ81WvSt3DqWCr Rnqlm40uLW18HoDG4Eml/zKaOwV4bfu4A2s+BGcAkdi1/1V2aqBcHBzqDXmJ8kqH rB1v7O+cKCiJCc5UXsHu5WOGFk3xsCytofzXJjzzTM27stC87xPC1IobKKAiuMPt 9ixLTQK7s0ecZWHAUAhf9xNvm+5HZnUO2D6KO//ati0K8lk8TTNOtmfNJRaR6vqQ SX0xtvm217FO+BO3RLouw8b0FxEJmqR5TS8GFD4AMa7RjLyv+YaWrxZBPQPCfLSt eqHE5eex+vhZjEQe8oB1ZXzUAtLoaRdmEYu7yhP99f+jjJlLBasCx7wCR2kXYdBw eTFse4SJipo= -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIICwjCCAiugAwIBAgIEZOAHdDANBgkqhkiG9w0BAQsFADCBnTELMAkGA1UEBhMC VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G A1UECgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdU NTBFNTYxODAwMDA4NDEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5j b20wHhcNMTkwMTMwMTczOTUxWhcNMjkwMTMwMTczOTUxWjCBnTELMAkGA1UEBhMC VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G A1UECgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdU NTBFNTYxODAwMDA4NDEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5j b20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMDzC+pO+U6QK+mqQYylT21m OScmu8gddgG8ncyYmIvw2cKdzjHxJgPjV01CaHIyxtYzLm0C8UdDIMbb6ixAEHD3 O9+0S9dQz8MqI63rc1DocwTBYCQzJBYHn5cyMbEgFQZBUya+ul1or3+FqPjjVnEr e+sPR3wQbCTpeStUuJv/AgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQEL BQADgYEAW9ZN36Qt29yUICMMS/8F8p2w4bI/KRd+EJDisO5nf1WxQDLMCcD700Cb nFMPWXv8l1m87bmDhZO/bpYZzOm0zm7lRi6m0/r1Zb9DEB94g0mxA0cyyRhUw1a3 4/CCcbYwNpuC41P5uJMzKw6/imSnl8yuIuG1Hy0XKiJMgCAkF5w= -----END CERTIFICATE-----" set source factory set last-updated 1548869990 next edit "Fortinet_SSL_RSA2048" set password ENC 7OYCwAZqUUEsxTlnyyIqIPJ48ZrqTlfK8jeV2J9PDwgYcZd1IvE8wUc1AU2M5HS/VDFO0C3QpHAPZ04wg+GA+8rEkeN32mXtQUGvDP+TLi0R5+rX5vNPybhg7c7JIM9NqwUFPGtMjT/RoDzSL32IfQRmn51uvJXkhDwPVap5dvCyy4hIn3kwqse8zUpR30KHVo9SDA== set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQITJX0JnCQYAUCAggA MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECFI0xUWKqawwBIIEyFvFtxmxYKKf LmuTS7X96iytc5fT6FALnl8oaQfnODXAsxj02kS0HbG4oHne+q+0U9gfGffbYkMg Q1wOJHVuBVnnWCSCK1FzS9sTAXppiKXnJfYABPw2wNhOJpwer7xg33Jq4Da30AFF fTEZ+DF8a5Rj2CDOZQokpGT95Aa9v2quei6x8RDsouNzfiTPtjUuaR7k31GhaOOX u7//VHJm+EVIoje9mpTLuHzzGJ34pssoJju5cAM0M4GORmA85jAiboOoDXEZ6w0h Bxnz5f5ZC137ldzpd9UnDyVrGVKoIC0g428eOUnLmw6Jl1/+cml3Yo2zCoqw0k9n mcgvAf7GjIgDMpNgVtrulgT5FMoY6nW5hewb2O8mmTc3ArUYV+g1zrDsiberPPPL 6BZlv/bD/qEAX+ydqV8V6Qyq0lCsfagmzbupKmL4pRdS5B7g3K1WTHGejwQ4JWFA CTuMdYW9x9tGMVQBHxi//yDT/sShLCD7CEsYcxaUhuZrNkYSda/wFrhmm/91+vQX vb14Wcagju+canChQoqqMe+ADxcj/5Wp8/CTUBmqVARorHmk1QX4eIdUJN/LEay6 wmTOXtFUFEy16qJ234cvA4KdU7uuD9Y0lYoF97oUW/QNNXRj9yKW88U0cosMeDAV 4W9cjDRu6P1z6QCJqYttbhOxFnIrua/dn+JyWqKRTbUrexbyJ2mw2EQlZ5DRi9Rp S5aiBzd+lsdnVVeDkfzjxpI49+GHvA2qMmePyM0TqSS71HpQ7PmW0zdosklOp8E8 xDP09Lh22sMJc8E2ngvTCPHemQ0BbkdK37JIDAHccYit7oKqJeqS49prtkbQ+y67 shUr5DQsBy+bGm6q5bI2DPuh1DN+TNGBut16gy2UrN2UnsflBepad4fIaVoP72d2 NwP9l/SOpH1R5GbnEsjedhQ6INJ034mqNclWibN2FY5DQbj/jPUjaqU6kVwgcqB5 Zn5Kj6wy0xsGTQkaemlWN9xzf5Ey1QYuEwKrBFN/L8phgG8yKS79bnVW+F5LNndK X+QpFlzTWXbvLZCsaK/DzWeqNTzcpZ0As6hLteSHa8LM0YN1dlhHyfsmNNVqKpvr gxTKQd1rC/ORQU11XwfE6bsDDrUXjMLQSHt2Oipip5gXUSwVRLETDBV/q+ReCMpP Sd4bySeOp2RYVFLDDmAfC7BtCIzzE03/mhotfLgsKr8cmjrXX26/KG0AnDcKgiRp mT0eftRgvuSUlYIW5gA0HTXhpj1+T5GeLRdvgx929aPMpfn8lUqQgw+apw9c2cyx Xi8/r0Xa+xY+wiJKw72WoF6tPF/zgzKYDCUxEMWzNk5vsVqxPR1MtkXEA3JwGxEG V02BVg/zJZ1uheiV+8zCO+kqAfEtPsllrh0ng3XCCEUP9MaZAtRQ93YyL3gvhUtY d/lavzwjxm4M8Z8e2xRk7E5UByqHvtZq8/O7RWxBrfbZvrVh8YjzZ90dNFKjIF2A SpZfxaJPj0Im4T1JGGkAFa+In47jaDt4Knggdbg4JAWxHbt/5d4qZm8BWWOFjGrz td5HZ8pNSSW1TxUafpOOQie8N6Or0B+q8QUjyB1a3fVnvKqKTfYti/cJKZjF0pX8 xmlEbul2Hel8qzzjcR18lg== -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIIDxzCCAq+gAwIBAgIEc5G6zjANBgkqhkiG9w0BAQsFADCBnTELMAkGA1UEBhMC VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G A1UECgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdU NTBFNTYxODAwMDA4NDEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5j b20wHhcNMTkwMTMwMTczOTU1WhcNMjkwMTMwMTczOTU1WjCBnTELMAkGA1UEBhMC VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G A1UECgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdU NTBFNTYxODAwMDA4NDEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5j b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCy+wTFfT7z3gjKTN3E 4jOnubhPh6p4z5kax5oaofRnFPd3dOGf6I8BmBeLnGWm19wY+90nnnOL74sWeIcq WUuxvx7Mt+3dnDPF56O6s57FIN1Ly2ZPKTcX7aOdR3Oe4JR3/bE7IY9SSAzGDgz8 vYTQgx4GtCARDXBC2mngJpBWPr53N/oPpcTaaaZ1BYeiXIJYZx0S9Mq4LfLwYm7V avsABykNny6TzJyr6Jg0ItMQ91vNVxZBnHKdiDG9s6zO+reSUdB1yeaDA4mRvz6F wigRUvUYQk52cEFimuc/LLpPDiVDRNSu9HkxhhO0gOcd7sIKFoATczbo/ALdQf+m hUz7AgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAIHfeERd YWxrWrDLBa417ivLHXrUCnt5EqzF59a07OJZRivbrI0CjuOXCmhEAQeqNq8wZAn1 W7XJOSBgO4JeBlJ8Wl3NfXgp524PDDmV1eoc4XW9CJV2WfI5ID9WO5NahtSRqW79 3yhCJLnV0vMLAbbHgf8Z+LVTxghwcGOOf4FtkbbzZia1tfa+nQ0ymczcvCi+XZsb uA74I1eJAHktU2EQtx4rMGtDBakpNN8ohJNojffh0SSttXN2abpAds651ou46nNk bNH0hfIgjw1yCJt3Z/hwWj8irA3uGKRlENWf8vKqjSVu3dAVidX9IsiX/c6QmUHb 8mOxuWf04ud35sc= -----END CERTIFICATE-----" set source factory set last-updated 1548869991 next edit "Fortinet_SSL_DSA1024" set password ENC +R5njjBgviHEnrcxVGANwYfo9XsOFiUMeKXftBzTGHLipGqZkXdVLjaLMwiZCzmsWt4I5PTVMAafyOcP8p1OB//rZ1zuTlpb+DNBVyYn0UW1f5nijhTMBK2tRdBNOq0cJl2kwuOAHN1785GH348dV19eyFhFDGtHk3NboybeRD4gtHqf4PoctJvHF9sle4KQSCLhjg== set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIIBpDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIILfjTrO2wQQCAggA MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECE6D95gwuaMoBIIBUFs+17NR+QY6 r/zvadtS0rh8Oiet/4LgbEVZvXsTMIleRQfoDdUlI+yAfhYZpZOaOQGtgEwPvwTc ywmQ1VRdS4wZSYHjIw0QZub+1jQvxvU4TWKVE0Hwclk59UEbv1L7VAiE2cdqrfoE 61l8idaS0DQfE/UPOZWuDy9nilCQ2ZVZ39xV8sNxosGLmJD1d8UaJTq63nkcFuoJ VVIEcyLRqdkTQfdcws5Xs2dA0qq06nwUi6RluTX2WLw44fBVUCvXKUxVSwO+pzcD t3+VyePQUa78eSJJcWRSzplV35vFtoqII4k467K70NUXgs32mipLgWYnAkfco8FW Oa7D9yhBlVVow5xqCo6kUX9yeLeSz9I6bULtSQhznW51f0B7XUgACItOsvhpwaB7 wXkikKa/MatA+fe+jO20gdLd5njnC+1KxIzH1niU7h6b/tmAFJ+tsw== -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIIDhDCCA0GgAwIBAgIEOUKdAzALBglghkgBZQMEAwIwgZ0xCzAJBgNVBAYTAlVT MRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAPBgNV BAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEZHVDUw RTU2MTgwMDAwODQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29t MB4XDTE5MDEzMDE3Mzk1NloXDTI5MDEzMDE3Mzk1NlowgZ0xCzAJBgNVBAYTAlVT MRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAPBgNV BAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEZHVDUw RTU2MTgwMDAwODQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29t MIIBtjCCASsGByqGSM44BAEwggEeAoGBAOn3KMyoNhtYkfDE7/HYpIOEedDpps4Z ylW/qZGkakJcqmSdQ5uV5AmPOG18T2vm+/SCIFtoDhGvyfrFToxDZpBwSQZ/7VBT xEMVFsDkLDZjaU4QHOcXeTo/s8tU56f54uyyaRP7fIN4Iv0kqvjJ2nt9DSiLW9LU sNA38TD+/XEZAhUAxRE0d4nwgtMmIqow53NIUU9o8wMCgYAd7FUeD+rmVu724bZK isH+jlPriQ5orL0Nu9eZmqTxDPUz8ZeG3sz2JC/sM5MHhxniGQ8U7Lxfw4OAke8o 45FCymnza9HMVM+2QXPaY9pxHYyrNp7UKPH9MD1BgZV1x/993PdUCQsaZdKL/nOe /lpioDqCnhpzuEjPqD30RVAvCQOBhAACgYAtBXHfgYOeEQo/4LK8ViTk3sTUB8W8 /25RGXqNi/tVbxTBXMemLiGhHqjoa4b2zMdaIL2MQ5dViPHDqrksD7M11xMKJlpA TsUIrXkEWy77cF7ilx29T0Mv12SFX/Zm83tgYVRGUW41T8mZz3U4hsixoNAmI/ZN HhOOZXoijIJG3KMNMAswCQYDVR0TBAIwADALBglghkgBZQMEAwIDMAAwLQIVAMLf CbaepKEjRa7HTF6woe+owsS8AhRltPbwjrJ8w9ygg2y5+NTh+5CeDw== -----END CERTIFICATE-----" set source factory set last-updated 1548869995 next edit "Fortinet_SSL_DSA2048" set password ENC Ri+D0z37LiDY23mUr5ovSbCMyXlMNBReOl7lJZvx4abhBYibhveGwUhhqvcMIk5A/JsaW9QLj1cBLvS9l9YqeTL4mywbT9ojIVcVpmyClNIJ2c+AR7Ns5ueADRJySk+6hHSx3r+ts3BglQxPBACnhS0xa9LFwhKZt8juAcxrqL/aRif6pPjke2F1YpHHukLqU6vMRQ== set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIICxDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI+TF2mJZGUFYCAggA MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECCn7DDBCJL92BIICcARuUQfvstir ErsvM1aLfxG+APTiQSwJKTTPGI1jmhUSqtgXZ9YeA4rxfrnJNziDHnE21irwudPn PR8193HnQIUVL/4LhdlW7k2gEqmVoVyzfzTUmqAIP55cZvCHp0PpIfQdBuRooQUV iYt+BttTjOQHCr+slYJHsSdsZc+MqQ1bA2mCHLLrnduCCMIdaKo9VpUItK5BdZZA KqhwW8x5Z52u3NrXsGexKsg5CtiyE2e8SzlVdwNhOzguulNO8OV5DEyWhihFQRao mJUFrswQ9U9WIMOD7hkuLaZrL2v3mrBxs8PN1s1w6u6XI4whpT34rB+dJr7g1ZNd S/nPTO7s/g7QyN6a/Zmxa7lqPmbr1Z5c6pj5AS/zUhkvcfgInkROxbQooZ5pXsjM 3CcYLbURg6MkF8A9plGZDOi0l9AQ8DNnatlrIginv5o9PyA38SMlM1eGqSl6yy+e XLqKMjKRPdoqVApmDh7ZSSGYALnPUMUwoa2xEjGwt+wLl6lPoItfvqehASIB03Yn l9ljG4pYYVCGNMAy8svQe0/bEUn2GF4pAFNXQg5s5A5pdQVFAClG9xqVGFJJ+tYk QNOgAdh15mXTv7xksmBmwZ1kL0gwv+RRyMJJb802rumeFsdjpa37ttBIuc7udOof iz1TgxnsMIT9E67qAdTwoW/vF33x93/3++vspnt1CX/wuhCrBVgbIeRkQwi6pHCI AIIYCwk+Fywhx5MxZ4sTf8UyFHjbl5tj+jfwcLJ6XtY8Zbofb36tWz0cTWcwBouR Me5zHqRILeLj1Y8zr4ioWBUs4Vsa/lzTJ9iL7SGGds2BYu5AswV1rA== -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIIFKzCCBNGgAwIBAgIEFTk/MzALBglghkgBZQMEAwIwgZ0xCzAJBgNVBAYTAlVT MRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAPBgNV BAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEZHVDUw RTU2MTgwMDAwODQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29t MB4XDTE5MDEzMDE3NDAwMVoXDTI5MDEzMDE3NDAwMVowgZ0xCzAJBgNVBAYTAlVT MRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAPBgNV BAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEZHVDUw RTU2MTgwMDAwODQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29t MIIDRjCCAjkGByqGSM44BAEwggIsAoIBAQCDEITs16Q2tnsgUqok2HVkL8Lucw+z QrZ+rF6Y1zKKtaXsXd3ysvk9sAJBJ2jDZAmhNE1cnHCv9oAZSFk5dOR2lvE6ICHO 8LtvTz8o/Mb0otIPmozlkBLKhiPw44dVwtMI+wfRnAQgvboPRFc/C0xUoSeWErqX qgIDwiVzyVIiZXVYHX5RDpHdQN1d+whh2baxE2iIgPLdMY73MGI/0xlj32AFVDfh jdRC8RXmrAwGhmGELA04UXi+O0lgmfyKPHIsu2xnZL36wFVwwECyXrk+7QJvvkXA oEW+YcUppgid8nGNNatdw0lqhjfNL6sI+5XwZUcInASgxrhH6gpD6jufAiEA/tLB UYh80OAgfXVNAuFQIzrQZTYvRHFCAu6UAK4YAzcCggEAfhCnaGZt6BJrVgC2UiJl GczrfmHkArmetpijoqoPEBbQ1f1bYubZDpuViKsbhfHle+lHwV4zyn78BcFXH8+2 9QVTsOYsHh6stiD9P6Gdilv10MD0QOoUxDvS7Lkof19JbaHLtW6y4OY4hs/jtxy2 u5cQn3DIaOTj8yfvgdrz8tgbViWVN6PwU/KvGYDfCkX5htBUoZU1LpkOjSN0GTo3 zU7wulN1SQQ0+uwpdFANWB0qUOgydfivOzF5HCu78pzpl7MrcVjnRA3FCqpSw60B nYTlEG7w4TRgjEdXkRjfIEHFCTyiexkQhH4xUILmRjr2HgDui8pXRWwHmWE2EBkn cQOCAQUAAoIBAAjBiB9FZO7TSqmZ1ye+P/LSrk0shWl8zlwcZyN8izudjX6D37TV OHNefaoe2tcvEl2jJdzEQ+nY/YT7pQmYDv1Dj99JRqAEwx51//hTnGVgillJcP2j Y4PBiDe0+4b7vfdBgrB09Cy7o3J4LuaLW3FG6xGHm760XJP52kQ0pv+N2M9as3bB Sn6+uephzxhhiIt2KOpAo2UVd3nEUKI1ntCIU7L5mdeLHobVf8SABPeeQ2Fnh+1c QsMvD7ieONKhwPKN5nBOFo1u5vKrrJc0/oHzpF7RBa4wWAUMtwrFALnDdfwSKLin L6Clyx4L3l7r8wIJrq3yrp8EpgbtKjpy4ZejDTALMAkGA1UdEwQCMAAwCwYJYIZI AWUDBAMCA0cAMEQCIDezXSYf7ckIuWGjhSatKCU4krfagN1ViGyAGoKeSfn0AiAS ZTycRUMSMPfg4xTGxoPfPlZO7C5O98+5BRKqrWfYjw== -----END CERTIFICATE-----" set source factory set last-updated 1548869996 next edit "Fortinet_SSL_ECDSA256" set password ENC XxV4F/NId3QKIOz6AvDErVMx2lBMJYA7V0wWILr9v0Ip6u3auez5lQNSOK2wnQPZa5zEpJsECno70TcQT05JaOaDIxcUdj6LiPj/L+XuW69VXTNfXTIwK5e1FsD3gZvn4P/z8sNZF8JvxkcYazQDeEt+Pp81NVnyaZE3hojV2LAWQj/PU0MEKJGZXVmHk7PYKmEarg== set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIHjME4GCSqGSIb3DQEFDTBBMCkGCSqGSIb3DQEFDDAcBAjT49GMlU8F0wICCAAw DAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQIu2yaqFhYTGYEgZA2/YbQwbJtzw6f f/knf3jb1RQA++4EfgxMubIoLKd8srmCRgd2gUzPUBhV1zdDgazw4MuYjWL5pLdK NX0J5MnbSZc87ts43JNlpfiSrknjvPLlPD9VQE/MB/0aG1oX5fpBnf/qGfQwoaaJ fKkSeGov1FMRUl6sMUo2UCgszvJhjNhrkgDE9xHo+5J2wEcAoBI= -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIICOjCCAeGgAwIBAgIEevr82DAKBggqhkjOPQQDAjCBnTELMAkGA1UEBhMCVVMx EzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8GA1UE CgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdUNTBF NTYxODAwMDA4NDEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20w HhcNMTkwMTMwMTc0MDAxWhcNMjkwMTMwMTc0MDAxWjCBnTELMAkGA1UEBhMCVVMx EzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8GA1UE CgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdUNTBF NTYxODAwMDA4NDEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20w WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASdYN7JabJic+xn6obLPyJq1ZON0nLS 3GbUzvcBjjHslRdTq0JH/lcXPwYISxmqQJ0Ne0P7Ie9ZmytFFa4JjVWdow0wCzAJ BgNVHRMEAjAAMAoGCCqGSM49BAMCA0cAMEQCIDmmUeRS8nEme1Vy6p8pbcB+Jz8N gWGPTJ4P958SSIv2AiAI9+wFiS5HbVeXHTlOhCV7pU8E3GW1AXFASNP1vwylag== -----END CERTIFICATE-----" set source factory set last-updated 1548870001 next edit "Fortinet_SSL_ECDSA384" set password ENC +Vd7Dkf0XeXdu4jco4CUJDLJF9+LZTjFV1SPnKU2CyTyu3CKbnISa8wgYYu7dgdMfhkYUfeEwh3hyVS7m7wnnFpKosKQhTSygyAxWsnN+eGRal2Uz+veWX4UabEM6Zq5J+rjfqkeHQYvqb/txbu4JdOni7iAVulz8vX6koHH4MzAlU0SKOuPTF86FzSw2ycmSyfnGw== set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIIBEzBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIIN+CRl6aI4gCAggA MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECDxZf3aDubz5BIHAQFEw7HLq25D1 B5QFW304dROTKkslPmTMtmyNiEiL4Nl9r45tRguv15IrAI+BhNJVHt8KjXxcvxzh zV71vOsG6omq5wTVDbRfIXINWEe7JWv9omBCJVGbZIrlFlFPX9+PXemjuEPhThHm wYnnBCrR8BOKKIg6yxCuP3znpdlzPudN4wHOtw0N/V89F6a+hwsvOgI1N3tjsDGE CCy0WRKwEx7eNfj7oo1AybiCGgLnCRNcBKxQ1NSqeTlznuM/UC7q -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIICeDCCAf6gAwIBAgIEU/D/ljAKBggqhkjOPQQDAjCBnTELMAkGA1UEBhMCVVMx EzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8GA1UE CgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdUNTBF NTYxODAwMDA4NDEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20w HhcNMTkwMTMwMTc0MDAxWhcNMjkwMTMwMTc0MDAxWjCBnTELMAkGA1UEBhMCVVMx EzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8GA1UE CgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdUNTBF NTYxODAwMDA4NDEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20w djAQBgcqhkjOPQIBBgUrgQQAIgNiAATzKoPpvSex7IKB3ik3lY5N5DUw3ZS4UFL3 AV+PsJzXJxgafqYqL2+sUAktNncOjtHw3eJD7ynGJYVh4427x0UrdEUjNwLul4OE tWmMGwnrO5gfXJ+yCppBDYmQFzZtSaCjDTALMAkGA1UdEwQCMAAwCgYIKoZIzj0E AwIDaAAwZQIxAP7bhwgtF3IVasLZPzaiexg0LagDgCz2PbGE0ImFQgg+8rmHfdqn BWe2DY7jpeyWOQIwJM78NtsAqEjF+PhSUmkGoMhwUB6R8y7ep8e4ExyguxsLLujV qnmeWOnJny1dDPSh -----END CERTIFICATE-----" set source factory set last-updated 1548870001 next end config user device-category edit "android-phone" next edit "android-tablet" next edit "blackberry-phone" next edit "blackberry-playbook" next edit "forticam" next edit "fortifone" next edit "fortinet" next edit "gaming-console" next edit "ip-phone" next edit "ipad" next edit "iphone" next edit "linux-pc" next edit "mac" next edit "media-streaming" next edit "printer" next edit "router-nat-device" next edit "windows-pc" next edit "windows-phone" next edit "windows-tablet" next edit "other-network-device" next edit "collected-emails" next edit "amazon-device" next edit "android-device" next edit "blackberry-device" next edit "fortinet-device" next edit "ios-device" next edit "windows-device" next edit "all" next end config webfilter profile edit "g-default" set comment "Default web filtering." set inspection-mode flow-based config ftgd-wf unset options config filters edit 1 set category 2 set action block next edit 2 set category 7 set action block next edit 3 set category 8 set action block next edit 4 set category 9 set action block next edit 5 set category 11 set action block next edit 6 set category 12 set action block next edit 7 set category 13 set action block next edit 8 set category 14 set action block next edit 9 set category 15 set action block next edit 10 set category 16 set action block next edit 11 set action block next edit 12 set category 57 set action block next edit 13 set category 63 set action block next edit 14 set category 64 set action block next edit 15 set category 65 set action block next edit 16 set category 66 set action block next edit 17 set category 67 set action block next edit 18 set category 26 set action block next edit 19 set category 61 set action block next edit 20 set category 86 set action block next edit 21 set category 88 set action block next edit 22 set category 90 set action block next edit 23 set category 91 set action block next end end next edit "g-sniffer-profile" set comment "Monitor web traffic." set inspection-mode flow-based config ftgd-wf config filters edit 1 next edit 2 set category 1 next edit 3 set category 2 next edit 4 set category 3 next edit 5 set category 4 next edit 6 set category 5 next edit 7 set category 6 next edit 8 set category 7 next edit 9 set category 8 next edit 10 set category 9 next edit 11 set category 11 next edit 12 set category 12 next edit 13 set category 13 next edit 14 set category 14 next edit 15 set category 15 next edit 16 set category 16 next edit 17 set category 17 next edit 18 set category 18 next edit 19 set category 19 next edit 20 set category 20 next edit 21 set category 23 next edit 22 set category 24 next edit 23 set category 25 next edit 24 set category 26 next edit 25 set category 28 next edit 26 set category 29 next edit 27 set category 30 next edit 28 set category 31 next edit 29 set category 33 next edit 30 set category 34 next edit 31 set category 35 next edit 32 set category 36 next edit 33 set category 37 next edit 34 set category 38 next edit 35 set category 39 next edit 36 set category 40 next edit 37 set category 41 next edit 38 set category 42 next edit 39 set category 43 next edit 40 set category 44 next edit 41 set category 46 next edit 42 set category 47 next edit 43 set category 48 next edit 44 set category 49 next edit 45 set category 50 next edit 46 set category 51 next edit 47 set category 52 next edit 48 set category 53 next edit 49 set category 54 next edit 50 set category 55 next edit 51 set category 56 next edit 52 set category 57 next edit 53 set category 58 next edit 54 set category 59 next edit 55 set category 61 next edit 56 set category 62 next edit 57 set category 63 next edit 58 set category 64 next edit 59 set category 65 next edit 60 set category 66 next edit 61 set category 67 next edit 62 set category 68 next edit 63 set category 69 next edit 64 set category 70 next edit 65 set category 71 next edit 66 set category 72 next edit 67 set category 75 next edit 68 set category 76 next edit 69 set category 77 next edit 70 set category 78 next edit 71 set category 79 next edit 72 set category 80 next edit 73 set category 81 next edit 74 set category 82 next edit 75 set category 83 next edit 76 set category 84 next edit 77 set category 85 next edit 78 set category 86 next edit 79 set category 87 next edit 80 set category 88 next edit 81 set category 89 next edit 82 set category 90 next edit 83 set category 91 next edit 84 set category 92 next edit 85 set category 93 next edit 86 set category 94 next edit 87 set category 95 next end end next edit "g-wifi-default" set comment "Default configuration for offloading WiFi traffic." set inspection-mode flow-based set options block-invalid-url config ftgd-wf unset options config filters edit 1 next edit 2 set category 2 set action block next edit 3 set category 7 set action block next edit 4 set category 8 set action block next edit 5 set category 9 set action block next edit 6 set category 11 set action block next edit 7 set category 12 set action block next edit 8 set category 13 set action block next edit 9 set category 14 set action block next edit 10 set category 15 set action block next edit 11 set category 16 set action block next edit 12 set category 26 set action block next edit 13 set category 57 set action block next edit 14 set category 61 set action block next edit 15 set category 63 set action block next edit 16 set category 64 set action block next edit 17 set category 65 set action block next edit 18 set category 66 set action block next edit 19 set category 67 set action block next edit 20 set category 86 set action block next edit 21 set category 88 set action block next edit 22 set category 90 set action block next edit 23 set category 91 set action block next end end next end config antivirus profile edit "g-default" set comment "Scan files and block viruses." config http set options scan end config ftp set options scan end config imap set options scan set executables virus end config pop3 set options scan set executables virus end config smtp set options scan set executables virus end next edit "g-sniffer-profile" set comment "Scan files and monitor viruses." config http set options scan end config ftp set options scan end config imap set options scan set executables virus end config pop3 set options scan set executables virus end config smtp set options scan set executables virus end next edit "g-wifi-default" set comment "Default configuration for offloading WiFi traffic." config http set options scan end config ftp set options scan end config imap set options scan set executables virus end config pop3 set options scan set executables virus end config smtp set options scan set executables virus end next end config system resource-limits end config system vdom-property edit "root" set description "property limits for vdom root" set snmp-index 1 next edit "MGMT" set description "property limits for vdom MGMT" set snmp-index 2 next end config firewall ssh local-key edit "g-Fortinet_SSH_RSA2048" set password ENC p95mvd/vJutU5caNkfj5heeLezxucx9O01Qj8ugyxgX2sAcYPGmSpwTfJRbg1f8Sf7ndmjRlaZVAeA8tPVvcLbZV3+qhtjrsFY2PwGJJ5HXVHcEyxEzVvxZOGeLrH5ntGVkzoBalkwwUlG+YVynJF7A8qfzpBuDBkwm3JgbcuP2bk+5O4A6yzybRmTtuxm6yfMx7oQ== set private-key "-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABC/r3OMzE GUewAg3UdsoUZhAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDBZqMwZBY+ 5THJL6cUDSHirIggSMum4tB1YNdgDLk8gNwTJXy0ZKfoLNqT4Sc6F9IYcvzHmaNIU5LJi1 2WrdXIEUxiV+xXDiggeJLM31zc+UR2jepnE3VYGx/asKiheoumK8EtrLatGmuDG4WhRN3z 1xkElcDUclNgHJyIPbexJq2NQ4UdONXPcWEwbp+C5r2dpRTEPitpNSur69SamxNxBFfC0o vZ5O5ChmQLfP4beAwfH0BeW9uKfPJa4U4wYKRRfW2l1iJGq+Td/JjcdrdZ4gUdqHoSQRaU /fAgiZJG3MROx7gHwuyFKSkw6J8QIdDQfiE6Ir25FG3D7GB/URwXAAADwDVVfZJaHuGeb2 QD4FvfB1+4uqkv+/tYoxk93NmpNA9pszGvm+2CRBqvMQfCzhVK9qRErigiap/fRI1zt8WG Fgpam02jnmIkJiG9O6lV0/Eor1SQR9tvl+0Ypp3Zo47e5gnMJLgjRFq/3uoKiq7wKd+IvS t7LjQfpTBtPHZBM3aRs6yZ9NZ9MRkfHphYEd3CanyDYXre9QXMqyrZtCJYN/vofxf8T0g9 Mrh8g6ovqH9MJCqXw94vAW5LVFPbQtVcKnY+4cbpwjmk55GxVykNJKC2pPcc1ZPD+X5loZ c6MzKNyC7zwcQubLuscGMysfTF9GrDksf+hf5Oum6caYLZ4/OQP72Th991VAxaFv+OhPZC Qxaq58dJG6d5rqAfrOWY+ToegQYoTLwqw4txdXqwoENw7yZGBl9vKN0WHAAYLUwL4QKK1q kbcQZm5RZXl5wp/l4S+kCDTbyGn8oqZSWH9uu5zgmyIX4vm8mRT3RS4wnI2fR4wecRFvf8 Kj/wxdriI/lGDNehl1vwfqoO3YXoTrRSsC+T4Gx/TRuTzOlG6o7poe78zKMISsz8QiPL4c zOb5Q2sOIMzFzXmI6vpsyXMTJ4BFDJY/iTHCTTghQvUntwHHxTDsWBRsbPcFzVWV3bH8te 8O1azfw8b5aq3/tHz6vdhXwAijSKG87ZJR9vF7lTT6uZJzkYqNdXQvBqJTsY1B1xzoo3qb 65WusPbkKfSoDNgoaksH1M9b+R/juv8ujWNyIpeStGiDGTjfi4pPjN3hR4Yd8ZVizbtb7l rKuCIBYlaIubroBh1g32uclOC/4wDDDY4EXqpyVP546y9T28abVqhXh8IjkiX3MFAZl6ZF 2iwQ215VIe2nVOR2zUiXcWjnwhYiyvZ7A9xcHBS+aQO1lmzWbY20hdPG8AdH9gkhMx83iw jIrE3uM9wt6qlP530h3Zo93DVtrBUceoVYZF76kStmdI/yQIWF0fXPAeLD9Y1+jORWRJAw uCQQd/IWUq26AbwaoencRDFRY1mXHQVcmk5zZEVp3okyuAtMGNudbicHZKFqIZIeaWj+xs 4NL3aEEm3eDD/vJorbwZAG5kNTq8qhcJqZ8SsmMJg1qnupy4rb3Nn5YLn1asE/sY2VHk3C zKGVcGeT6b0Aespxs7WoQB6CTTCIy8XQbqipXhuA5P0X8uhSMW/xXDZniqVv0e7Is5TsuN Go+mvGKVsRiUPPZlwk6P0R3o5pEWtjU+10KrMfxC4NB8ln8zz1bPvHWgTUb3qIle1AOdhe wwU6p78Q== -----END OPENSSH PRIVATE KEY----- " set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBZqMwZBY+5THJL6cUDSHirIggSMum4tB1YNdgDLk8gNwTJXy0ZKfoLNqT4Sc6F9IYcvzHmaNIU5LJi12WrdXIEUxiV+xXDiggeJLM31zc+UR2jepnE3VYGx/asKiheoumK8EtrLatGmuDG4WhRN3z1xkElcDUclNgHJyIPbexJq2NQ4UdONXPcWEwbp+C5r2dpRTEPitpNSur69SamxNxBFfC0ovZ5O5ChmQLfP4beAwfH0BeW9uKfPJa4U4wYKRRfW2l1iJGq+Td/JjcdrdZ4gUdqHoSQRaU/fAgiZJG3MROx7gHwuyFKSkw6J8QIdDQfiE6Ir25FG3D7GB/URwX" set source built-in next edit "g-Fortinet_SSH_DSA1024" set password ENC tl3lw0CSrKeVd7ZrleFju3moV38rvt73pGYJs9mweM1J7a3axIuJqIUPTwUi4unrLofeNW9KGr1cgz4IdUMjiJcHtGlhFkTKIH4BpgizL1DaTWUGN/pWiD4R14O4KSKxLMZspUFIyG1ycJMhimqzQts9gyzbgTYmvcHe3euf3dNq73OQeSUMKupQlJEPt03y2jRj3g== set private-key "-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBzqsT4XA 0Hg5WeyR/UVBjQAAAAEAAAAAEAAAGxAAAAB3NzaC1kc3MAAACBAJCRDlbrVFe9gpBy3i7J qUxyOqfsRbIRXKIs97hoP+m3SceQUD42m55HmQz2ePiZrFlu7qzh15hYTb8AZrlDqFHVrG /09ycvuH1WVn5GbiHALF07gGG/wahtiR+yrheLzA6/SwoKQLs17vwT+d1HBlAyDdp50D6Y 5UOHhA3xS5/ZAAAAFQCvpNUGASFt+O9qDLo+DtosGKWgQwAAAIAd3taOQmZR3FYgE1D8oQ YSwIJiRMFFg5xL7SfxIRt8iGfJ66r18xXBzkn79gP0YZBX0/AqB5Ql3xxmhbBaNK6n9Wdl Ti+kh+4+IcGVwiRqbu68x81yYoV9HqORAKGW+vMQzMhUcqj2twzmWdm0JTBgK+c6LnpaCg z2vrdIsWP6BwAAAIA6yQTsZftdfKhA05pj/6ut6uqEi9lY8ciWMRIJ0tf87jI9qO/yKE7N VL9HTq4M/ktx6VhOwz/colcy8A1Yp1ctynwcR1sOnSpYgwb9q1RpMSi+mh1Pimk4mb+IDL In2A8AQVNdBJKKh8/Hm05PuSIcPM6o5DC2g0FogeDz1d/W+wAAAeC5Pe3E7WIy1Z+YhM5s EEoMUBt3pUvMw+CkSbOumokcjX0KQUcVCcTY4Jx6446oO9vOWjF2IPecF1zsH5kfDpGoiG CYt2gKCsWKKnb0AINPG+fJhjZAo6UgY6BEVMkPhDMZ1fqdSO0p9296aSju+D6BtMye+O7/ vWbA6yZ2agK9JBMdFbdKfy7ThSnsGDJl6ikR2Jiv9hikEguEnvBUmL7PeNt6TTVPEu1OFi GVkKv/6LAv4Ek1y+vwfOAM2mYw3lGAZlBlcHN3w851jd/zuy5R5ZHh/Lq+J0PLXH04yGgA LYBHXOnk1gMfjFQXqElqcvHctM4/0BCLFI7amsGh/tlK8E63GfnHrovA67dChiKIMD4K8A cheY2bC2bTeNnNIMNUGpqY/NSGViG53DPzhql8HUSTw0toriC4t4x1Lrvv5is1Rv5PQE71 6EGo5MW6sj+q5fZJJeRxM/ipAHoIVdz/Stmn0tz5oCmDt2T3t+vU5IOo2iHSGrBY2xKP3t kceemtmN3LnJE+yKvK9b7t86rbgjuQtN/9HLA5XrbY6yVgfSONmieVFqGIYyg3IBrAn6Pj eA3GwsMvpo6FPsArZgtewGliqpLbnunaBHwbWspHnxCw/dmuIFGzdXQTb63syVw= -----END OPENSSH PRIVATE KEY----- " set public-key "ssh-dss AAAAB3NzaC1kc3MAAACBAJCRDlbrVFe9gpBy3i7JqUxyOqfsRbIRXKIs97hoP+m3SceQUD42m55HmQz2ePiZrFlu7qzh15hYTb8AZrlDqFHVrG/09ycvuH1WVn5GbiHALF07gGG/wahtiR+yrheLzA6/SwoKQLs17vwT+d1HBlAyDdp50D6Y5UOHhA3xS5/ZAAAAFQCvpNUGASFt+O9qDLo+DtosGKWgQwAAAIAd3taOQmZR3FYgE1D8oQYSwIJiRMFFg5xL7SfxIRt8iGfJ66r18xXBzkn79gP0YZBX0/AqB5Ql3xxmhbBaNK6n9WdlTi+kh+4+IcGVwiRqbu68x81yYoV9HqORAKGW+vMQzMhUcqj2twzmWdm0JTBgK+c6LnpaCgz2vrdIsWP6BwAAAIA6yQTsZftdfKhA05pj/6ut6uqEi9lY8ciWMRIJ0tf87jI9qO/yKE7NVL9HTq4M/ktx6VhOwz/colcy8A1Yp1ctynwcR1sOnSpYgwb9q1RpMSi+mh1Pimk4mb+IDLIn2A8AQVNdBJKKh8/Hm05PuSIcPM6o5DC2g0FogeDz1d/W+w==" set source built-in next edit "g-Fortinet_SSH_ECDSA256" set password ENC YtqL6606qTEQSqRT3aXAaBvPX4AWxzfkUQ61/jcWQulomr/HFEMls9NqqWYiZy5URtq3Ur95ZWinrBGQNxOF4GdiLyUzn9I1r4rygnqrWK0W3CX/lC6sgMJSsGEwUXfGkMUNLWnKTywkvN0HEf7TI1pOxCSn/78eY+7heRHawH+Ms6fToQSnrzPOgs6PJOXMAD/4mg== set private-key "-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAgxB+uyS /b3Ohw2u/tNQtoAAAAEAAAAAEAAABoAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlz dHAyNTYAAABBBLcsDyc3TyBdpudM2mowqlrobk1o20TQhrcQ6rPLLkrvqeb0BvfSruDdZF zNyWiG+EOH/C3L2f/7U75S+BhwZgQAAACgFXH2k2V5RsHsbQPNDSRCJd03yVRpUlUVhCFo UU5I01oNeromae/CoBDDzgf6Cq1Nia71JqXHzE9cEkG5kKNPJ5G4ksMAKFNPZ9T1d6x5j4 sl7aN/6SxIAiU1dS4wwNDNw1mO4Vx2UtIwMgMvhaEKMUWvS/3AKYN8oqWWzzOcvK8MKcTf eajy/6HBu5E8021xIaaw8JFSlhCEFVPHXrgeVw== -----END OPENSSH PRIVATE KEY----- " set public-key "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLcsDyc3TyBdpudM2mowqlrobk1o20TQhrcQ6rPLLkrvqeb0BvfSruDdZFzNyWiG+EOH/C3L2f/7U75S+BhwZgQ=" set source built-in next edit "g-Fortinet_SSH_ECDSA384" set password ENC fMBTlP1Bk8vBofyN5hhRtaBfNey/SmzFpP3j+FoNt9NPD4IVoKZSGleNhpJ8nzSOrbYeyYNocah53RxXjWTxQ7S1cjsaX2zXKvn0QJZgQiMZWOVUTyfKnsi14rDnAWLwLI3lfAQVDmJPFxtn41DgDvkHV7Sey7SFavDqXdpknJ+WFhLlXAHkXI1wL9ocmhdh2FUQYQ== set private-key "-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABB797K0XU rrx46MY1Gb902+AAAAEAAAAAEAAACIAAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlz dHAzODQAAABhBGq7JipF3Vpr9gf49LwLbwA3KDPNCUQm+PDzA4EpK9NArtf1V6dOKLOl+G XN1yW1gbf2EA7EtMG4CJRAu914yvqOjPIgYPob3TA3O2DyCj7lE9eJluNSWx0q2qsH/EfO sgAAANDOtIBhNZ1vi/lfIVrWku9Bu0WHxoxeiPtsyLdVzYjuLJ/8Onr6NotSYJtkOhEoNo QgsYnk+tuHjJiSMO5fwCoZuA71oMmV6uSWviOrtcn+wiU7UaHzTuqoJnABZQBQJ9z55lx1 B21662vWhhP+bQefIXlgg255ymtlNoI5JG0Ur3W8y6bInmpA7fCXdR+FsHGjKhxrIhWWlm N7NHPfEtAcrS5J9nYJrpxxPbUVa+gRVQZi5Ue+vKOZsFqTL0i116BwKCAa62WZxWSpv+tA R2fJ -----END OPENSSH PRIVATE KEY----- " set public-key "ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBGq7JipF3Vpr9gf49LwLbwA3KDPNCUQm+PDzA4EpK9NArtf1V6dOKLOl+GXN1yW1gbf2EA7EtMG4CJRAu914yvqOjPIgYPob3TA3O2DyCj7lE9eJluNSWx0q2qsH/EfOsg==" set source built-in next edit "g-Fortinet_SSH_ECDSA521" set password ENC LkkTcnG88DXrdh9K9/ufsnHk8f2Sy6yPg/Jy5dhFwxC3cVx3NzCPqcWZownALwW31UjNgV7FhVcF5BgD3G8I2rsq9b2fsHH9H4t0AXcqczbgksOS83+Lj0fe2b9ckQOifu8s3i2L96EJco4zB3kRiIHISN2vZU7qqVGKykvNLr+SkTyDbq/FOiM9j2Fb7+N/jxA6aw== set private-key "-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAElD6vL9 aowy4A3i81VKmhAAAAEAAAAAEAAACsAAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlz dHA1MjEAAACFBAHoR+TlwEh8u0U6L7wGS8Vk3UwsQUkTzIuaiZEUYGzi7qAlMmA1ucPxYp sIN+Pn9ZlB4PAeJ8tO/nFqisVTMVyJHwGarW26tdZxNBg7Lpgp1oz0Mm2IbRLXzQ5hPtJG RLlzcpqJJK7uHVc2XqIg5B3ytoCo0sE2Lp9blumPuRpXlBfQCgAAAQD4lRJQA/8Ly9pIvN gLjFqXp0lwjTtjHDASNRO08hbR5BVQNdW5nk7L6Z0J1lZ2JdxVgvxsRQL6zLCUkcSMomjy kmkfFmlnVoZv3rIONnHjY9AOeSINyQKME/ykcSXbJ03aUPfexvbHwCUVuG+O97ppvFMYJP WPFdG1wx4Rmx4RoG8Qd7pLhJuSmSF2rvo5oi2a2+ZUBGrX2I2UE2aQM0uMXUXO/o/1MjlD Z4ypOTxSZBpvGUnoEKKzkiF3lSI2aU3rpk+nLppxNvYPXzTETLc+zmT2SLXUiNOP2ZSctZ Yq30iCFNq9ImETlbkpxJe+U7sl0khI24JpQ0fVllzK8ZnJ -----END OPENSSH PRIVATE KEY----- " set public-key "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAHoR+TlwEh8u0U6L7wGS8Vk3UwsQUkTzIuaiZEUYGzi7qAlMmA1ucPxYpsIN+Pn9ZlB4PAeJ8tO/nFqisVTMVyJHwGarW26tdZxNBg7Lpgp1oz0Mm2IbRLXzQ5hPtJGRLlzcpqJJK7uHVc2XqIg5B3ytoCo0sE2Lp9blumPuRpXlBfQCg==" set source built-in next edit "g-Fortinet_SSH_ED25519" set password ENC jtfbolL2v0Fm3P7pRfPLPRGnclDg1Z6rgLSuDqyMbyXKqoghcsqCkm2PYYPaWkuPVikzHf9TEaXHUQC8OSRo7wv4ixjQ2aBoMM8dGbzzTk3Q6ZZkVhWMAZjx8gtiZEp8Onk4XC41w/0p5XallRlqQFgb7uBmSPZ4arcvbd2RQGFZ9F3Zb54+Rf506N9obrgbH9YpFw== set private-key "-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABB3v+TA9S iCcSbK5lD0lmZCAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIDjxUcZ6C9nyjr/A FOzQrqhsFmhylYXreBIalg9Gt3V8AAAAkNsk80BU1XEl5mHMFwbNHD1DlP3eIh4t2wTYk4 ysKwLoGkfW0Ldd8mKJIJxfkDaBtJ5fTc9uTCCPkP6xRIbF7CN0IYDWREG/F/AatgqdysWG NxtZu8wLzC7TVLVC917Z78ztCrWbyZerui/ZvZQO2vru4n+vrVlHvDjtqfgJonenXD4Qcz MJjiw1CFWL/SN/AQ== -----END OPENSSH PRIVATE KEY----- " set public-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDjxUcZ6C9nyjr/AFOzQrqhsFmhylYXreBIalg9Gt3V8" set source built-in next end config firewall ssh local-ca edit "g-Fortinet_SSH_CA" set password ENC kvBNQt7+Ur20JVsrznRhDmhaCyzXvsG0C/7J+4MP+Af6uWypiH5f7Uqvz331CenKf7P9inFTKxqG5GIou4kqoVH2KuM4h6Fdlty7HCcitvzG/GrnQaUiEHrXSeuNV2AWugiICFO5TT2itPGyNNNxBfwqBY+QcYSC/fKyviQhJ5c6iRodd2/T+AG884p1jFSLrRGK7g== set private-key "-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBdjIUQji P+LfEkEEruoLLkAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQD3Bapmtn3T x0H2Ts0T8te8BPZuZK1q6eZYvCu9W1oQm6S/ePWlYDdna2l01vbMLolxClRFADtOXp1ZPb JkM1E4c7fS2G4vLkfafVpADuLWSfrlI7MmDce8IdhAf5bJUDgfUxUMCwrhVWFfxYTJyxz2 6iV5/9R8a9JVz4KSujZv5CeOjGpF6aTlk+DpYELCnxQyIJdC0xgO77omQVD+HLMB5RY1Pa 56R2vkltf9StHzfcIy1sBIWhcrNHd0YKeFN6Ly6WVtp8DbRg6Z/irb46lET8K3AwjZfWTt bMt3Oj9dPxI3gcBrbThceR50wbiW/tXjzzRjkdc2AxxbvwYBZUWDAAADwFX53XisKeYa/q nfDub/ybBYP6Gr23u1q9vI6hoE4gNGRJd3eYn8JlSX7XnAnPKB6dH4FLznpOxTRTjy48Ci OpOajhy5MUHVOJ9pK8DXy8wleyMKTCIrzP9npeLSNomax4tMaAUwLm3QlA4VDKIHjsg3Fz fPY4LlsdOGF0WU9EurewfS/hszabVExTxAoVu41hzhlerzj2Z8bJ49tyigKH50pv11wjOS 2ecdM0+KMBwTU6VqT76CtyQcF4yWHas1JeO6AXlX5p9X2QmM8S/1+m1TYuNW6QdcPd+MS1 emmr0qdLeGapsXwi3G+mAYPVGF7fGJNaLF9Nxl5jdKsiVqxPg+8SgEgo+NdLxdx2X4+Hs8 LyuUWizCdRJlT+9kwPoEKZnJ8QFVC76Cb1mY9h5Rk0YZE9oievDatqEZxEjmxEiRDcW5B5 R07xWB3eb2Roh739GEWiLMpj97NrfW7xG5sxNgx6gKvHuTrjybLVYVbPvLOotmmEogOpjN ErWrPhfNxJgL1EjQGJ9HqVG4492FLFMHhPEdy2mVQvbzj5xiizN7o67I3keXCzoBKSQ4Ho NfKFII1YEsjHkDfqDSMgbhnD9s60FSu/GXHBRzrLQ7H3m3swnCxEwZpgJLcovzzOoAUI34 rcXdx8r1eDZW3NwKP9t3r2du+cr+VbcTjXdFssLdGT5mM62FwZz08U+CpPGCYH5E1xoQOS TA3kC+b8+QS3jgFM9ES54SqLeEHinJgGXstd5lQyQkmP8ukoVynju1PglmZbSX4SelRuR1 +B8fTeRNNYq1TVa0ptewI0yeS3rKJJWUdhv8yg3aQNM47/d6Onvvw2h6s6yXi1AouG0TVa JjcM9Wx5i1NdIVmtVhtyKTxmSle+X2n37OPmAuJRfIiTxj8TqILglVULezahh1R9QOVuaz ASB3j6EHQ70GUxdcgiWQgNOuuSNPbMdCCXQi+CZEaKDcShL4zXQvH7p4xaJbc5yi4Axtvh kdGQqyDoF36vHNrdMFQW2U5iIDDzADLHP7JCrR1W/V0wktPJYUYtZKkDgphVLGHVE+knxS 54+b9AKUUb/ez+qjYd+Fzk/cCwZUmMYJ5a7Tx4qONvivBJ2+6kNuAdRsWEnQCsdAl/TWe4 wVYklPk225UCmFMzwW/UvtUvOTCF3d0afp/6tADDPqeC0sltpbiiaEGNXRas49L52sX9qr GOrVRdXuBNyhRy9bhfJWy78HEhaH5LWmMQsudrw/QU54A64k75/wgpxU8++s+HGF7+24kT 3d+Mocww== -----END OPENSSH PRIVATE KEY----- " set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3Bapmtn3Tx0H2Ts0T8te8BPZuZK1q6eZYvCu9W1oQm6S/ePWlYDdna2l01vbMLolxClRFADtOXp1ZPbJkM1E4c7fS2G4vLkfafVpADuLWSfrlI7MmDce8IdhAf5bJUDgfUxUMCwrhVWFfxYTJyxz26iV5/9R8a9JVz4KSujZv5CeOjGpF6aTlk+DpYELCnxQyIJdC0xgO77omQVD+HLMB5RY1Pa56R2vkltf9StHzfcIy1sBIWhcrNHd0YKeFN6Ly6WVtp8DbRg6Z/irb46lET8K3AwjZfWTtbMt3Oj9dPxI3gcBrbThceR50wbiW/tXjzzRjkdc2AxxbvwYBZUWD" set source built-in next edit "g-Fortinet_SSH_CA_Untrusted" set password ENC kqzQ3dJER//5s19+AYwfTnzwzAig5P70l5uWqMQWrP1sRcH/t7OSmWLW83YUB0YBJwH0aZW0MeQC1LmETcLqvoG7DBhPM0PLJ2k1cx2FaUiAASIyULY208BBJeoao7MsX7Ei14H5ZNOwagv8ikwOqQaTatUtvw5MzV3n4mJQT8gppQElPbRtnNAY2r+ik3N0phww3g== set private-key "-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBBU+v+2X 6+IaHWapdpA0gFAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQCrGcoZpqhW B+Sgh64AzYFMNgP14oyZh6D9pDW4Xy7vK7Y1iIZxAy1lBIG+jvGNNbKmZnd4B21snbrcgO HOxIIiM5f8kHABHr4v+SWsRm3rSOvFL2/pSnltlnRcJu7GYlIIWDOEy6tIkhoqDfiZrWK3 TFrBk0I78xhINRUlolv12XU/By7Zb0GLti2KjuUkBM4e6zUZlS8KADGGuriwhjymL1gCrQ UTfqKvyF7q65LwpVSxT+/SAhDAzP3PtImvHFe5zSnpyPtqAAf0MgkV4rA0ube2DyDQuqtw CdK6VJkzn567h25a7RHBxnv1GRMUXpbn3BsQ4JvG73iS8HSNQERNAAADwPnvpz3UMjW7+o GbkPKHwDhGp+zxYMl1giY2FAHLcXOTua3j4+UAAJL6JE4TBS8/nR6n4pBuc6ixxX4sk5wY QF24xwF30bfeaNeT0MvygAn4LCpS1z5trsDw1tkfrLTV9+h7eIhdMevBZwo2O0oZrnqBKw qnJqELONJl6D6deZo6t5hwUqcsUEWSntSBRmrmTpA0wfHCR/8KW2dye00+gRfGUkVXR9hW lplZJcLKYGimWpkgiY/ke31UlcArwf0pcW5lbodu25/5OgOeKISvhOTQXvIb9qiZFslVsc lR9HlCDLTp1Vt1Uc+ImWWMHNiEQjqBOfZXStScHWeXswWE+FkkpokjgO6rqwbIv+Jx7AOP HsQ7sYF4GOq7H+4qgz/0HeGD0gYXxGKaWX3iRPszG1DRti4DC77UWKNt0xS9HnH1Z5MTBY aLZdvPS0QCq65dLIFld8O9zkK5KlkiqH3SzHqWxYi1M1KFw6Yhc8VnP6RjLuk3DpGRVvif butBiJBNU9aIvAogWal4CUIPq4Uet9xdMGxmtw6cJIW9899tMK9NMgQaqE2TA3iETueXjR go5Q3Td+6lXDBKvosi6SaO2YLelPl61BZH1HVwPrr8ry4PbLRX4DLtes8bbQXOhRt2mp5h NT0APqk/sdR2eClu1cKDsevr42e2a7MOYU9GKSYQ6G75oSwzRBInCc+8M7NpQm1QZ1ISKq 0FhB2BNViECmDWwm4be92VAwygLarqq/mNGGoLOkyYDGOcQGcnc22gzhrMPj8FO8EIBlbU KspJUsPQfw83F0590238e6n4SYz8cDLlFQ3b3TnHjFqDYnzLezmkktqBEOAObl1Y3jjWT2 z4esWwQOBzZXpBb91alp3gZ5v043/g+LWxpddiqQ47WtGbT0rzQfPUBvdytTAHgs5Ccpxu 7TMIp59yiePOyTTlx+96q/eDysafiE8bpJW4mHg6B5c2+0ca0aqZTNPQivH1uX9yn3x/N4 IblXOzzJ7cECq+DTu9dQlln/atSsp9O2ccPJcN9dAPPwtWFhES+CRVSVE0mX8xeWD1KKse Bm2tuQBktJb+yFBD4TQ6kHtJjAwQ8y7co/yq3NLwgRc06BqDj1lpqCnf93SgqrIN/9nzxD CgzIo44p1bj0s3N9frJrRHTBmYqYq+WgtwsbD71YKhltN2/31dxc7vKpem6sFtawVVXhfI zKdTBoTERihpqf05EhE243UbtuwSThlGoDqnNkpWnyqbZBtZqzKxDZmPjqdbrN4Xa80dkX 96BzOSHg== -----END OPENSSH PRIVATE KEY----- " set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCrGcoZpqhWB+Sgh64AzYFMNgP14oyZh6D9pDW4Xy7vK7Y1iIZxAy1lBIG+jvGNNbKmZnd4B21snbrcgOHOxIIiM5f8kHABHr4v+SWsRm3rSOvFL2/pSnltlnRcJu7GYlIIWDOEy6tIkhoqDfiZrWK3TFrBk0I78xhINRUlolv12XU/By7Zb0GLti2KjuUkBM4e6zUZlS8KADGGuriwhjymL1gCrQUTfqKvyF7q65LwpVSxT+/SAhDAzP3PtImvHFe5zSnpyPtqAAf0MgkV4rA0ube2DyDQuqtwCdK6VJkzn567h25a7RHBxnv1GRMUXpbn3BsQ4JvG73iS8HSNQERN" set source built-in next end config system cluster-sync end config system fortiguard set sdns-server-ip "3.4.5.6" end config ips global end config wireless-controller utm-profile edit "g-wifi-default" set comment "Default configuration for offloading WiFi traffic." set ips-sensor "g-wifi-default" set application-list "g-wifi-default" set antivirus-profile "g-wifi-default" set webfilter-profile "g-wifi-default" next end config system email-server set server "notification.fortinet.net" set port 465 set security smtps end config system session-helper edit 1 set name pptp set protocol 6 set port 1723 next edit 2 set name h323 set protocol 6 set port 1720 next edit 3 set name ras set protocol 17 set port 1719 next edit 4 set name tns set protocol 6 set port 1521 next edit 5 set name tftp set protocol 17 set port 69 next edit 6 set name rtsp set protocol 6 set port 554 next edit 7 set name rtsp set protocol 6 set port 7070 next edit 8 set name rtsp set protocol 6 set port 8554 next edit 9 set name ftp set protocol 6 set port 21 next edit 10 set name mms set protocol 6 set port 1863 next edit 11 set name pmap set protocol 6 set port 111 next edit 12 set name pmap set protocol 17 set port 111 next edit 13 set name sip set protocol 17 set port 5060 next edit 14 set name dns-udp set protocol 17 set port 53 next edit 15 set name rsh set protocol 6 set port 514 next edit 16 set name rsh set protocol 6 set port 512 next edit 17 set name dcerpc set protocol 6 set port 135 next edit 18 set name dcerpc set protocol 17 set port 135 next edit 19 set name mgcp set protocol 17 set port 2427 next edit 20 set name mgcp set protocol 17 set port 2727 next end config system auto-install set auto-install-config enable set auto-install-image enable end config system ntp set ntpsync enable end end config vdom edit root config system object-tagging edit "default" next end config system settings set opmode transparent set inspection-mode flow set manageip 1.2.3.4/255.255.255.255 end config system arp-table edit 1 set ip 10.10.8.20 set mac 00:00:5e:00:01:01 next end config system replacemsg-group edit "default" set comment "Default replacement message group." next end config firewall address edit "none" set uuid cae1ac5c-24b8-51e9-4a4a-f39269ee6530 set subnet 0.0.0.0 255.255.255.255 next edit "autoupdate.opera.com" set uuid cae1cbe2-24b8-51e9-1501-4730e1f94b07 set type fqdn set fqdn "autoupdate.opera.com" next edit "google-play" set uuid cae1edb6-24b8-51e9-1348-aff50933c805 set type fqdn set fqdn "play.google.com" next edit "swscan.apple.com" set uuid cae20f30-24b8-51e9-7cb5-0933675c142b set type fqdn set fqdn "swscan.apple.com" next edit "update.microsoft.com" set uuid cae23078-24b8-51e9-80d0-33ea609fb8ed set type fqdn set fqdn "update.microsoft.com" next edit "all" set uuid cc4d63ec-24b8-51e9-f602-bb0550e363bb next edit "FIREWALL_AUTH_PORTAL_ADDRESS" set uuid cc4d6af4-24b8-51e9-8d3e-232d5c35bb80 set visibility disable next end config firewall multicast-address edit "all_hosts" set start-ip 224.0.0.1 set end-ip 224.0.0.1 next edit "all_routers" set start-ip 224.0.0.2 set end-ip 224.0.0.2 next edit "Bonjour" set start-ip 224.0.0.251 set end-ip 224.0.0.251 next edit "EIGRP" set start-ip 224.0.0.10 set end-ip 224.0.0.10 next edit "OSPF" set start-ip 224.0.0.5 set end-ip 224.0.0.6 next edit "all" set start-ip 224.0.0.0 set end-ip 239.255.255.255 next end config firewall address6 edit "all" set uuid cae25422-24b8-51e9-017c-e778c7763bc1 next edit "none" set uuid cae26f20-24b8-51e9-45ae-ab92bf6fe545 set ip6 ::/128 next end config firewall multicast-address6 edit "all" set ip6 ff00::/8 next end config firewall service category edit "General" set comment "General services." next edit "Web Access" set comment "Web access." next edit "File Access" set comment "File access." next edit "Email" set comment "Email services." next edit "Network Services" set comment "Network services." next edit "Authentication" set comment "Authentication service." next edit "Remote Access" set comment "Remote access." next edit "Tunneling" set comment "Tunneling service." next edit "VoIP, Messaging & Other Applications" set comment "VoIP, messaging, and other applications." next edit "Web Proxy" set comment "Explicit web proxy." next end config firewall service custom edit "ALL" set category "General" set protocol IP next edit "ALL_TCP" set category "General" set tcp-portrange 1-65535 next edit "ALL_UDP" set category "General" set udp-portrange 1-65535 next edit "ALL_ICMP" set category "General" set protocol ICMP unset icmptype next edit "ALL_ICMP6" set category "General" set protocol ICMP6 unset icmptype next edit "GRE" set category "Tunneling" set protocol IP set protocol-number 47 next edit "AH" set category "Tunneling" set protocol IP set protocol-number 51 next edit "ESP" set category "Tunneling" set protocol IP set protocol-number 50 next edit "AOL" set visibility disable set tcp-portrange 5190-5194 next edit "BGP" set category "Network Services" set tcp-portrange 179 next edit "DHCP" set category "Network Services" set udp-portrange 67-68 next edit "DNS" set category "Network Services" set tcp-portrange 53 set udp-portrange 53 next edit "FINGER" set visibility disable set tcp-portrange 79 next edit "FTP" set category "File Access" set tcp-portrange 21 next edit "FTP_GET" set category "File Access" set tcp-portrange 21 next edit "FTP_PUT" set category "File Access" set tcp-portrange 21 next edit "GOPHER" set visibility disable set tcp-portrange 70 next edit "H323" set category "VoIP, Messaging & Other Applications" set tcp-portrange 1720 1503 set udp-portrange 1719 next edit "HTTP" set category "Web Access" set tcp-portrange 80 next edit "HTTPS" set category "Web Access" set tcp-portrange 443 next edit "IKE" set category "Tunneling" set udp-portrange 500 4500 next edit "IMAP" set category "Email" set tcp-portrange 143 next edit "IMAPS" set category "Email" set tcp-portrange 993 next edit "Internet-Locator-Service" set visibility disable set tcp-portrange 389 next edit "IRC" set category "VoIP, Messaging & Other Applications" set tcp-portrange 6660-6669 next edit "L2TP" set category "Tunneling" set tcp-portrange 1701 set udp-portrange 1701 next edit "LDAP" set category "Authentication" set tcp-portrange 389 next edit "NetMeeting" set visibility disable set tcp-portrange 1720 next edit "NFS" set category "File Access" set tcp-portrange 111 2049 set udp-portrange 111 2049 next edit "NNTP" set visibility disable set tcp-portrange 119 next edit "NTP" set category "Network Services" set tcp-portrange 123 set udp-portrange 123 next edit "OSPF" set category "Network Services" set protocol IP set protocol-number 89 next edit "PC-Anywhere" set category "Remote Access" set tcp-portrange 5631 set udp-portrange 5632 next edit "PING" set category "Network Services" set protocol ICMP set icmptype 8 unset icmpcode next edit "TIMESTAMP" set protocol ICMP set visibility disable set icmptype 13 unset icmpcode next edit "INFO_REQUEST" set protocol ICMP set visibility disable set icmptype 15 unset icmpcode next edit "INFO_ADDRESS" set protocol ICMP set visibility disable set icmptype 17 unset icmpcode next edit "ONC-RPC" set category "Remote Access" set tcp-portrange 111 set udp-portrange 111 next edit "DCE-RPC" set category "Remote Access" set tcp-portrange 135 set udp-portrange 135 next edit "POP3" set category "Email" set tcp-portrange 110 next edit "POP3S" set category "Email" set tcp-portrange 995 next edit "PPTP" set category "Tunneling" set tcp-portrange 1723 next edit "QUAKE" set visibility disable set udp-portrange 26000 27000 27910 27960 next edit "RAUDIO" set visibility disable set udp-portrange 7070 next edit "REXEC" set visibility disable set tcp-portrange 512 next edit "RIP" set category "Network Services" set udp-portrange 520 next edit "RLOGIN" set visibility disable set tcp-portrange 513:512-1023 next edit "RSH" set visibility disable set tcp-portrange 514:512-1023 next edit "SCCP" set category "VoIP, Messaging & Other Applications" set tcp-portrange 2000 next edit "SIP" set category "VoIP, Messaging & Other Applications" set tcp-portrange 5060 set udp-portrange 5060 next edit "SIP-MSNmessenger" set category "VoIP, Messaging & Other Applications" set tcp-portrange 1863 next edit "SAMBA" set category "File Access" set tcp-portrange 139 next edit "SMTP" set category "Email" set tcp-portrange 25 next edit "SMTPS" set category "Email" set tcp-portrange 465 next edit "SNMP" set category "Network Services" set tcp-portrange 161-162 set udp-portrange 161-162 next edit "SSH" set category "Remote Access" set tcp-portrange 22 next edit "SYSLOG" set category "Network Services" set udp-portrange 514 next edit "TALK" set visibility disable set udp-portrange 517-518 next edit "TELNET" set category "Remote Access" set tcp-portrange 23 next edit "TFTP" set category "File Access" set udp-portrange 69 next edit "MGCP" set visibility disable set udp-portrange 2427 2727 next edit "UUCP" set visibility disable set tcp-portrange 540 next edit "VDOLIVE" set visibility disable set tcp-portrange 7000-7010 next edit "WAIS" set visibility disable set tcp-portrange 210 next edit "WINFRAME" set visibility disable set tcp-portrange 1494 2598 next edit "X-WINDOWS" set category "Remote Access" set tcp-portrange 6000-6063 next edit "PING6" set protocol ICMP6 set visibility disable set icmptype 128 unset icmpcode next edit "MS-SQL" set category "VoIP, Messaging & Other Applications" set tcp-portrange 1433 1434 next edit "MYSQL" set category "VoIP, Messaging & Other Applications" set tcp-portrange 3306 next edit "RDP" set category "Remote Access" set tcp-portrange 3389 next edit "VNC" set category "Remote Access" set tcp-portrange 5900 next edit "DHCP6" set category "Network Services" set udp-portrange 546 547 next edit "SQUID" set category "Tunneling" set tcp-portrange 3128 next edit "SOCKS" set category "Tunneling" set tcp-portrange 1080 set udp-portrange 1080 next edit "WINS" set category "Remote Access" set tcp-portrange 1512 set udp-portrange 1512 next edit "RADIUS" set category "Authentication" set udp-portrange 1812 1813 next edit "RADIUS-OLD" set visibility disable set udp-portrange 1645 1646 next edit "CVSPSERVER" set visibility disable set tcp-portrange 2401 set udp-portrange 2401 next edit "AFS3" set category "File Access" set tcp-portrange 7000-7009 set udp-portrange 7000-7009 next edit "TRACEROUTE" set category "Network Services" set udp-portrange 33434-33535 next edit "RTSP" set category "VoIP, Messaging & Other Applications" set tcp-portrange 554 7070 8554 set udp-portrange 554 next edit "MMS" set visibility disable set tcp-portrange 1755 set udp-portrange 1024-5000 next edit "KERBEROS" set category "Authentication" set tcp-portrange 88 464 set udp-portrange 88 464 next edit "LDAP_UDP" set category "Authentication" set udp-portrange 389 next edit "SMB" set category "File Access" set tcp-portrange 445 next edit "NONE" set visibility disable set tcp-portrange 0 next edit "webproxy" set proxy enable set category "Web Proxy" set protocol ALL set tcp-portrange 0-65535:0-65535 next end config firewall service group edit "Email Access" set member "DNS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMTPS" next edit "Web Access" set member "DNS" "HTTP" "HTTPS" next edit "Windows AD" set member "DCE-RPC" "DNS" "KERBEROS" "LDAP" "LDAP_UDP" "SAMBA" "SMB" next edit "Exchange Server" set member "DCE-RPC" "DNS" "HTTPS" next end config webfilter ftgd-local-cat edit "custom1" set id 140 next edit "custom2" set id 141 next end config ips sensor edit "all_default" set comment "All predefined signatures with default setting." config entries edit 1 next end next edit "all_default_pass" set comment "All predefined signatures with PASS action." config entries edit 1 set action pass next end next edit "protect_http_server" set comment "Protect against HTTP server-side vulnerabilities." config entries edit 1 set location server set protocol HTTP next end next edit "protect_email_server" set comment "Protect against email server-side vulnerabilities." config entries edit 1 set location server set protocol SMTP POP3 IMAP next end next edit "protect_client" set comment "Protect against client-side vulnerabilities." config entries edit 1 set location client next end next edit "high_security" set comment "Blocks all Critical/High/Medium and some Low severity vulnerabilities" config entries edit 1 set severity medium high critical set status enable set action block next edit 2 set severity low next end next end config firewall shaper traffic-shaper edit "high-priority" set maximum-bandwidth 1048576 set per-policy enable next edit "medium-priority" set maximum-bandwidth 1048576 set priority medium set per-policy enable next edit "low-priority" set maximum-bandwidth 1048576 set priority low set per-policy enable next edit "guarantee-100kbps" set guaranteed-bandwidth 100 set maximum-bandwidth 1048576 set per-policy enable next edit "shared-1M-pipe" set maximum-bandwidth 1024 next end config web-proxy global set proxy-fqdn "default.fqdn" end config application list edit "block-high-risk" config entries edit 1 set category 2 6 next edit 2 set action pass next end next end config dlp filepattern edit 1 set name "builtin-patterns" config entries edit "*.bat" next edit "*.com" next edit "*.dll" next edit "*.doc" next edit "*.exe" next edit "*.gz" next edit "*.hta" next edit "*.ppt" next edit "*.rar" next edit "*.scr" next edit "*.tar" next edit "*.tgz" next edit "*.vb?" next edit "*.wps" next edit "*.xl?" next edit "*.zip" next edit "*.pif" next edit "*.cpl" next end next edit 2 set name "all_executables" config entries edit "bat" set filter-type type set file-type bat next edit "exe" set filter-type type set file-type exe next edit "elf" set filter-type type set file-type elf next edit "hta" set filter-type type set file-type hta next end next end config dlp fp-sensitivity edit "Private" next edit "Critical" next edit "Warning" next end config dlp sensor edit "Content_Summary" set summary-proto smtp pop3 imap http-get http-post ftp nntp mapi next edit "Content_Archive" set summary-proto smtp pop3 imap http-get http-post ftp nntp mapi next edit "Large-File" config filter edit 1 set name "Large-File-Filter" set proto smtp pop3 imap http-get http-post mapi set filter-by file-size set file-size 5120 set action log-only next end next edit "Credit-Card" config filter edit 1 set name "Credit-Card-Filter" set severity high set proto smtp pop3 imap http-get http-post mapi set action log-only next edit 2 set name "Credit-Card-Filter" set severity high set type message set proto smtp pop3 imap http-post mapi set action log-only next end next edit "SSN-Sensor" set comment "Match SSN numbers but NOT WebEx invite emails." config filter edit 1 set name "SSN-Sensor-Filter" set severity high set type message set proto smtp pop3 imap mapi set filter-by regexp set regexp "WebEx" next edit 2 set name "SSN-Sensor-Filter" set severity high set type message set proto smtp pop3 imap mapi set filter-by ssn set action log-only next edit 3 set name "SSN-Sensor-Filter" set severity high set proto smtp pop3 imap http-get http-post ftp mapi set filter-by ssn set action log-only next end next end config webfilter ips-urlfilter-setting end config webfilter ips-urlfilter-setting6 end config log threat-weight config web edit 1 set category 26 set level high next edit 2 set category 61 set level high next edit 3 set category 86 set level high next edit 4 set category 1 set level medium next edit 5 set category 3 set level medium next edit 6 set category 4 set level medium next edit 7 set category 5 set level medium next edit 8 set category 6 set level medium next edit 9 set category 12 set level medium next edit 10 set category 59 set level medium next edit 11 set category 62 set level medium next edit 12 set category 83 set level medium next edit 13 set category 72 next edit 14 set category 14 next end config application edit 1 set category 2 next edit 2 set category 6 set level medium next end end config icap profile edit "default" next end config vpn certificate ca end config vpn certificate local edit "Fortinet_CA_SSL" set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates." set range global set source factory set last-updated 1548871170 next edit "Fortinet_CA_Untrusted" set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates." set range global set source factory set last-updated 1548871170 next edit "Fortinet_SSL" set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set range global set source factory set last-updated 1548871170 next edit "Fortinet_SSL_RSA1024" set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set range global set source factory set last-updated 1548871170 next edit "Fortinet_SSL_RSA2048" set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set range global set source factory set last-updated 1548871170 next edit "Fortinet_SSL_DSA1024" set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set range global set source factory set last-updated 1548871170 next edit "Fortinet_SSL_DSA2048" set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set range global set source factory set last-updated 1548871170 next edit "Fortinet_SSL_ECDSA256" set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set range global set source factory set last-updated 1548871170 next edit "Fortinet_SSL_ECDSA384" set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set range global set source factory set last-updated 1548871170 next end config user local edit "guest" set type password set passwd-time 2019-01-30 09:59:33 set passwd ENC 4yXkMLI0bA9zthpLoccLu8ct91zCs9bnXJnySBVrWSLkgmDIBTVaNgXLp+wJznWG1+arhWZuiH9ECUIU2SsovMkXhmUPWDjN52XJU09CaVfNZyFprqt/pF6Vts6Hhqlc3MciyjpAXU4yS1P7KpGfNaXUFKeKlfRYePwEqOhm4w0io5fSj10TMTInlokzOeuhMAquIw== next end config user setting set auth-cert "Fortinet_Factory" end config user group edit "SSO_Guest_Users" next edit "Guest-group" set member "guest" next end config user device-group edit "Mobile Devices" set member "android-phone" "android-tablet" "blackberry-phone" "blackberry-playbook" "ipad" "iphone" "windows-phone" "windows-tablet" set comment "Phones, tablets, etc." next edit "Network Devices" set member "fortinet-device" "other-network-device" "router-nat-device" set comment "Routers, firewalls, gateways, etc." next edit "Others" set member "gaming-console" "media-streaming" set comment "Other devices." next end config voip profile edit "default" set comment "Default VoIP profile." next edit "strict" config sip set malformed-request-line discard set malformed-header-via discard set malformed-header-from discard set malformed-header-to discard set malformed-header-call-id discard set malformed-header-cseq discard set malformed-header-rack discard set malformed-header-rseq discard set malformed-header-contact discard set malformed-header-record-route discard set malformed-header-route discard set malformed-header-expires discard set malformed-header-content-type discard set malformed-header-content-length discard set malformed-header-max-forwards discard set malformed-header-allow discard set malformed-header-p-asserted-identity discard set malformed-header-sdp-v discard set malformed-header-sdp-o discard set malformed-header-sdp-s discard set malformed-header-sdp-i discard set malformed-header-sdp-c discard set malformed-header-sdp-b discard set malformed-header-sdp-z discard set malformed-header-sdp-k discard set malformed-header-sdp-a discard set malformed-header-sdp-t discard set malformed-header-sdp-r discard set malformed-header-sdp-m discard end next end config webfilter profile edit "monitor-all" set comment "Monitor and log all visited URLs, flow-based." set inspection-mode flow-based config ftgd-wf unset options config filters edit 1 set category 1 next edit 2 set category 3 next edit 3 set category 4 next edit 4 set category 5 next edit 5 set category 6 next edit 6 set category 12 next edit 7 set category 59 next edit 8 set category 62 next edit 9 set category 83 next edit 10 set category 2 next edit 11 set category 7 next edit 12 set category 8 next edit 13 set category 9 next edit 14 set category 11 next edit 15 set category 13 next edit 16 set category 14 next edit 17 set category 15 next edit 18 set category 16 next edit 19 set category 57 next edit 20 set category 63 next edit 21 set category 64 next edit 22 set category 65 next edit 23 set category 66 next edit 24 set category 67 next edit 25 set category 19 next edit 26 set category 24 next edit 27 set category 25 next edit 28 set category 72 next edit 29 set category 75 next edit 30 set category 76 next edit 31 set category 26 next edit 32 set category 61 next edit 33 set category 86 next edit 34 set category 17 next edit 35 set category 18 next edit 36 set category 20 next edit 37 set category 23 next edit 38 set category 28 next edit 39 set category 29 next edit 40 set category 30 next edit 41 set category 33 next edit 42 set category 34 next edit 43 set category 35 next edit 44 set category 36 next edit 45 set category 37 next edit 46 set category 38 next edit 47 set category 39 next edit 48 set category 40 next edit 49 set category 42 next edit 50 set category 44 next edit 51 set category 46 next edit 52 set category 47 next edit 53 set category 48 next edit 54 set category 54 next edit 55 set category 55 next edit 56 set category 58 next edit 57 set category 68 next edit 58 set category 69 next edit 59 set category 70 next edit 60 set category 71 next edit 61 set category 77 next edit 62 set category 78 next edit 63 set category 79 next edit 64 set category 80 next edit 65 set category 82 next edit 66 set category 85 next edit 67 set category 87 next edit 68 set category 31 next edit 69 set category 41 next edit 70 set category 43 next edit 71 set category 49 next edit 72 set category 50 next edit 73 set category 51 next edit 74 set category 52 next edit 75 set category 53 next edit 76 set category 56 next edit 77 set category 81 next edit 78 set category 84 next edit 79 next edit 80 set category 88 next edit 81 set category 89 next edit 82 set category 90 next edit 83 set category 91 next edit 84 set category 92 next edit 85 set category 93 next edit 86 set category 94 next edit 87 set category 95 next end end set log-all-url enable set web-content-log disable set web-filter-activex-log disable set web-filter-command-block-log disable set web-filter-cookie-log disable set web-filter-applet-log disable set web-filter-jscript-log disable set web-filter-js-log disable set web-filter-vbs-log disable set web-filter-unknown-log disable set web-filter-referer-log disable set web-filter-cookie-removal-log disable set web-url-log disable set web-invalid-domain-log disable set web-ftgd-err-log disable set web-ftgd-quota-usage disable next end config webfilter search-engine edit "google" set hostname ".*\\.google\\..*" set url "^\\/((custom|search|images|videosearch|webhp)\\?)" set query "q=" set safesearch url set safesearch-str "&safe=active" next edit "yahoo" set hostname ".*\\.yahoo\\..*" set url "^\\/search(\\/video|\\/images){0,1}(\\?|;)" set query "p=" set safesearch url set safesearch-str "&vm=r" next edit "bing" set hostname ".*\\.bing\\..*" set url "^(\\/images|\\/videos)?(\\/search|\\/async|\\/asyncv2)\\?" set query "q=" set safesearch header next edit "yandex" set hostname "yandex\\..*" set url "^\\/((yand|images\\/|video\\/)(search)|search\\/)\\?" set query "text=" set safesearch url set safesearch-str "&family=yes" next edit "youtube" set hostname ".*youtube.*" set safesearch header next edit "baidu" set hostname ".*\\.baidu\\.com" set url "^\\/s?\\?" set query "wd=" next edit "baidu2" set hostname ".*\\.baidu\\.com" set url "^\\/(ns|q|m|i|v)\\?" set query "word=" next edit "baidu3" set hostname "tieba\\.baidu\\.com" set url "^\\/f\\?" set query "kw=" next end config dnsfilter profile edit "default" set comment "Default dns filtering." config ftgd-dns config filters edit 1 set category 2 next edit 2 set category 7 next edit 3 set category 8 next edit 4 set category 9 next edit 5 set category 11 next edit 6 set category 12 next edit 7 set category 13 next edit 8 set category 14 next edit 9 set category 15 next edit 10 set category 16 next edit 11 next edit 12 set category 57 next edit 13 set category 63 next edit 14 set category 64 next edit 15 set category 65 next edit 16 set category 66 next edit 17 set category 67 next edit 18 set category 26 set action block next edit 19 set category 61 set action block next edit 20 set category 86 set action block next edit 21 set category 88 set action block next edit 22 set category 90 set action block next edit 23 set category 91 set action block next end end set block-botnet enable next end config antivirus settings set grayware enable end config spamfilter profile edit "default" set comment "Malware and phishing URL filtering." next edit "sniffer-profile" set comment "Malware and phishing URL monitoring." set flow-based enable next end config firewall schedule recurring edit "always" set day sunday monday tuesday wednesday thursday friday saturday next edit "none" next end config firewall profile-protocol-options edit "default" set comment "All default services." config http set ports 80 unset options unset post-lang end config ftp set ports 21 set options splice end config imap set ports 143 set options fragmail end config mapi set ports 135 set options fragmail end config pop3 set ports 110 set options fragmail end config smtp set ports 25 set options fragmail splice end config nntp set ports 119 set options splice end config dns set ports 53 end next end config firewall ssl-ssh-profile edit "certificate-inspection" set comment "Read-only SSL handshake inspection profile." config https set ports 443 set status certificate-inspection end config ftps set status disable end config imaps set status disable end config pop3s set status disable end config smtps set status disable end config ssh set ports 22 set status disable end next edit "deep-inspection" set comment "Read-only deep inspection profile." config https set ports 443 end config ftps set ports 990 end config imaps set ports 993 end config pop3s set ports 995 end config smtps set ports 465 end config ssh set ports 22 end config ssl-exempt edit 1 set fortiguard-category 31 next edit 2 set fortiguard-category 33 next edit 3 set type address set address "google-play" next edit 4 set type address set address "update.microsoft.com" next edit 5 set type address set address "swscan.apple.com" next edit 6 set type address set address "autoupdate.opera.com" next edit 7 set type wildcard-fqdn set wildcard-fqdn "g-android" next edit 8 set type wildcard-fqdn set wildcard-fqdn "g-apple" next edit 9 set type wildcard-fqdn set wildcard-fqdn "g-appstore" next edit 10 set type wildcard-fqdn set wildcard-fqdn "g-citrix" next edit 11 set type wildcard-fqdn set wildcard-fqdn "g-eease" next edit 12 set type wildcard-fqdn set wildcard-fqdn "g-google-drive" next edit 13 set type wildcard-fqdn set wildcard-fqdn "g-google-play2" next edit 14 set type wildcard-fqdn set wildcard-fqdn "g-google-play3" next edit 15 set type wildcard-fqdn set wildcard-fqdn "g-Gotomeeting" next edit 16 set type wildcard-fqdn set wildcard-fqdn "g-microsoft" next edit 17 set type wildcard-fqdn set wildcard-fqdn "g-adobe" next edit 18 set type wildcard-fqdn set wildcard-fqdn "g-Adobe Login" next edit 19 set type wildcard-fqdn set wildcard-fqdn "g-dropbox.com" next edit 20 set type wildcard-fqdn set wildcard-fqdn "g-fortinet" next edit 21 set type wildcard-fqdn set wildcard-fqdn "g-googleapis.com" next edit 22 set type wildcard-fqdn set wildcard-fqdn "g-icloud" next edit 23 set type wildcard-fqdn set wildcard-fqdn "g-itunes" next edit 24 set type wildcard-fqdn set wildcard-fqdn "g-skype" next edit 25 set type wildcard-fqdn set wildcard-fqdn "g-verisign" next edit 26 set type wildcard-fqdn set wildcard-fqdn "g-Windows update 2" next edit 27 set type wildcard-fqdn set wildcard-fqdn "g-auth.gfx.ms" next edit 28 set type wildcard-fqdn set wildcard-fqdn "g-softwareupdate.vmware.com" next edit 29 set type wildcard-fqdn set wildcard-fqdn "g-firefox update server" next edit 30 set type wildcard-fqdn set wildcard-fqdn "g-live.com" next end next edit "custom-deep-inspection" set comment "Customizable deep inspection profile." config https set ports 443 end config ftps set ports 990 end config imaps set ports 993 end config pop3s set ports 995 end config smtps set ports 465 end config ssh set ports 22 end config ssl-exempt edit 1 set fortiguard-category 31 next edit 2 set fortiguard-category 33 next edit 3 set type address set address "google-play" next edit 4 set type address set address "update.microsoft.com" next edit 5 set type address set address "swscan.apple.com" next edit 6 set type address set address "autoupdate.opera.com" next edit 7 set type wildcard-fqdn set wildcard-fqdn "g-android" next edit 8 set type wildcard-fqdn set wildcard-fqdn "g-apple" next edit 9 set type wildcard-fqdn set wildcard-fqdn "g-appstore" next edit 10 set type wildcard-fqdn set wildcard-fqdn "g-citrix" next edit 11 set type wildcard-fqdn set wildcard-fqdn "g-eease" next edit 12 set type wildcard-fqdn set wildcard-fqdn "g-google-drive" next edit 13 set type wildcard-fqdn set wildcard-fqdn "g-google-play2" next edit 14 set type wildcard-fqdn set wildcard-fqdn "g-google-play3" next edit 15 set type wildcard-fqdn set wildcard-fqdn "g-Gotomeeting" next edit 16 set type wildcard-fqdn set wildcard-fqdn "g-microsoft" next edit 17 set type wildcard-fqdn set wildcard-fqdn "g-adobe" next edit 18 set type wildcard-fqdn set wildcard-fqdn "g-Adobe Login" next edit 19 set type wildcard-fqdn set wildcard-fqdn "g-dropbox.com" next edit 20 set type wildcard-fqdn set wildcard-fqdn "g-fortinet" next edit 21 set type wildcard-fqdn set wildcard-fqdn "g-googleapis.com" next edit 22 set type wildcard-fqdn set wildcard-fqdn "g-icloud" next edit 23 set type wildcard-fqdn set wildcard-fqdn "g-itunes" next edit 24 set type wildcard-fqdn set wildcard-fqdn "g-skype" next edit 25 set type wildcard-fqdn set wildcard-fqdn "g-verisign" next edit 26 set type wildcard-fqdn set wildcard-fqdn "g-Windows update 2" next edit 27 set type wildcard-fqdn set wildcard-fqdn "g-auth.gfx.ms" next edit 28 set type wildcard-fqdn set wildcard-fqdn "g-softwareupdate.vmware.com" next edit 29 set type wildcard-fqdn set wildcard-fqdn "g-firefox update server" next edit 30 set type wildcard-fqdn set wildcard-fqdn "g-live.com" next end next end config waf profile edit "default" config signature config main-class 100000000 set action block set severity high end config main-class 20000000 end config main-class 30000000 set status enable set action block set severity high end config main-class 40000000 end config main-class 50000000 set status enable set action block set severity high end config main-class 60000000 end config main-class 70000000 set status enable set action block set severity high end config main-class 80000000 set status enable set severity low end config main-class 110000000 set status enable set severity high end config main-class 90000000 set status enable set action block set severity high end set disabled-signature 80080005 80200001 60030001 60120001 80080003 90410001 90410002 end config constraint config header-length set status enable set log enable set severity low end config content-length set status enable set log enable set severity low end config param-length set status enable set log enable set severity low end config line-length set status enable set log enable set severity low end config url-param-length set status enable set log enable set severity low end config version set log enable end config method set action block set log enable end config hostname set action block set log enable end config malformed set log enable end config max-cookie set status enable set log enable set severity low end config max-header-line set status enable set log enable set severity low end config max-url-param set status enable set log enable set severity low end config max-range-segment set status enable set log enable set severity high end end next end config firewall policy edit 1 set name "wan1 - wan2" set uuid 586d680e-24cd-51e9-8225-da33c4eb7a32 set srcintf "wan1" set dstintf "wan2" set srcaddr "all" set dstaddr "all" set action accept set schedule "always" set service "ALL" set logtraffic all set fsso disable next edit 2 set name "wan1 - wan3" set uuid 672dc3a2-24cd-51e9-9a15-9565737f16cf set srcintf "wan1" set dstintf "lan5" set srcaddr "all" set dstaddr "all" set action accept set schedule "always" set service "ALL" set logtraffic all set fsso disable next edit 3 set name "wan1 - lan" set uuid 78c46738-24cd-51e9-b0c4-b493e3e657f6 set srcintf "wan1" set dstintf "lan4" set srcaddr "all" set dstaddr "all" set action accept set schedule "always" set service "ALL" set logtraffic all set fsso disable next edit 4 set name "wan2 - wan1" set uuid 90d9b27e-24cd-51e9-791a-3466f12c6646 set srcintf "wan2" set dstintf "wan1" set srcaddr "all" set dstaddr "all" set action accept set schedule "always" set service "ALL" set logtraffic all set fsso disable next edit 5 set name "wan2 - wan3" set uuid a05ac418-24cd-51e9-1c51-2156ceba4be1 set srcintf "wan2" set dstintf "lan5" set srcaddr "all" set dstaddr "all" set action accept set schedule "always" set service "ALL" set logtraffic all set fsso disable next edit 6 set name "wan2 - Lan" set uuid b25c2ba2-24cd-51e9-c160-2c9f219453cf set srcintf "wan2" set dstintf "lan4" set srcaddr "all" set dstaddr "all" set action accept set schedule "always" set service "ALL" set logtraffic all set fsso disable next edit 7 set name "wan3 - wan1" set uuid d58f6d50-24cd-51e9-6858-e3712736e18c set srcintf "lan5" set dstintf "wan1" set srcaddr "all" set dstaddr "all" set action accept set schedule "always" set service "ALL" set logtraffic all set fsso disable next edit 8 set name "wan3 - wan2" set uuid e2be089c-24cd-51e9-5612-4ef74be60da4 set srcintf "lan5" set dstintf "wan2" set srcaddr "all" set dstaddr "all" set action accept set schedule "always" set service "ALL" set logtraffic all set fsso disable next edit 9 set name "wan3 - Lan" set uuid fc49c6fc-24cd-51e9-19a7-122a98c8094f set srcintf "lan5" set dstintf "lan4" set srcaddr "all" set dstaddr "all" set action accept set schedule "always" set service "ALL" set logtraffic all set fsso disable next edit 10 set name "Lan - wan1" set uuid 14da46b0-24ce-51e9-e01b-566a56d998d8 set srcintf "lan4" set dstintf "wan1" set srcaddr "all" set dstaddr "all" set action accept set schedule "always" set service "ALL" set logtraffic all set fsso disable next edit 11 set name "Lan - wan2" set uuid 23227896-24ce-51e9-758a-cfaac3663dda set srcintf "lan4" set dstintf "wan2" set srcaddr "all" set dstaddr "all" set action accept set schedule "always" set service "ALL" set logtraffic all set fsso disable next edit 12 set name "Lan - wan3" set uuid 31d7bbd0-24ce-51e9-7f85-ed851283863d set srcintf "lan4" set dstintf "lan5" set srcaddr "all" set dstaddr "all" set action accept set schedule "always" set service "ALL" set logtraffic all set fsso disable next end config firewall multicast-policy edit 1 set srcintf "any" set dstintf "any" set srcaddr "all" set dstaddr "all" next end config firewall ssh setting set caname "g-Fortinet_SSH_CA" set untrusted-caname "g-Fortinet_SSH_CA_Untrusted" set hostkey-rsa2048 "g-Fortinet_SSH_RSA2048" set hostkey-dsa1024 "g-Fortinet_SSH_DSA1024" set hostkey-ecdsa256 "g-Fortinet_SSH_ECDSA256" set hostkey-ecdsa384 "g-Fortinet_SSH_ECDSA384" set hostkey-ecdsa521 "g-Fortinet_SSH_ECDSA521" set hostkey-ed25519 "g-Fortinet_SSH_ED25519" end config endpoint-control profile edit "default" config forticlient-winmac-settings end config forticlient-android-settings end config forticlient-ios-settings end next end config wireless-controller wids-profile edit "default" set comment "Default WIDS profile." set ap-scan enable set wireless-bridge enable set deauth-broadcast enable set null-ssid-probe-resp enable set long-duration-attack enable set invalid-mac-oui enable set weak-wep-iv enable set auth-frame-flood enable set assoc-frame-flood enable set spoofed-deauth enable set asleap-attack enable set eapol-start-flood enable set eapol-logoff-flood enable set eapol-succ-flood enable set eapol-fail-flood enable set eapol-pre-succ-flood enable set eapol-pre-fail-flood enable next edit "default-wids-apscan-enabled" set ap-scan enable next end config wireless-controller wtp-profile edit "FAPU323EV-default" config platform set type U323EV end set handoff-sta-thresh 30 config radio-1 set band 802.11n end config radio-2 set band 802.11ac end next edit "FAPU321EV-default" config platform set type U321EV end set handoff-sta-thresh 30 config radio-1 set band 802.11n end config radio-2 set band 802.11ac end next edit "FAPU24JEV-default" config platform set type U24JEV end set handoff-sta-thresh 30 config radio-1 set band 802.11n end config radio-2 set band 802.11ac end next edit "FAPU223EV-default" config platform set type U223EV end set handoff-sta-thresh 30 config radio-1 set band 802.11n end config radio-2 set band 802.11ac end next edit "FAPU221EV-default" config platform set type U221EV end set handoff-sta-thresh 30 config radio-1 set band 802.11n end config radio-2 set band 802.11ac end next edit "FAPU423E-default" config platform set type U423E end set handoff-sta-thresh 30 config radio-1 set band 802.11n end config radio-2 set band 802.11ac end next edit "FAPU422EV-default" config platform set type U422EV end set handoff-sta-thresh 30 config radio-1 set band 802.11n end config radio-2 set band 802.11ac end next edit "FAPU421E-default" config platform set type U421E end set handoff-sta-thresh 30 config radio-1 set band 802.11n end config radio-2 set band 802.11ac end next edit "FAPS223E-default" config platform set type S223E end set handoff-sta-thresh 55 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAPS221E-default" config platform set type S221E end set handoff-sta-thresh 55 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP224E-default" config platform set type 224E end set handoff-sta-thresh 55 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP223E-default" config platform set type 223E end set handoff-sta-thresh 55 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP222E-default" config platform set type 222E end set handoff-sta-thresh 55 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP221E-default" config platform set type 221E end set handoff-sta-thresh 55 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP423E-default" config platform set type 423E end set handoff-sta-thresh 55 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP421E-default" config platform set type 421E end set handoff-sta-thresh 55 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAPS423E-default" config platform set type S423E end set handoff-sta-thresh 55 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAPS422E-default" config platform set type S422E end set handoff-sta-thresh 55 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAPS421E-default" config platform set type S421E end set handoff-sta-thresh 55 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAPS323CR-default" config platform set type S323CR end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAPS322CR-default" config platform set type S322CR end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAPS321CR-default" config platform set type S321CR end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAPS313C-default" config platform set type S313C end set handoff-sta-thresh 30 config radio-1 set band 802.11ac end next edit "FAPS311C-default" config platform set type S311C end set handoff-sta-thresh 30 config radio-1 set band 802.11ac end next edit "FAPS323C-default" config platform set type S323C end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAPS322C-default" config platform set type S322C end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAPS321C-default" config platform set type S321C end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP321C-default" config platform set type 321C end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP223C-default" config platform set type 223C end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP112D-default" config platform set type 112D end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end next edit "FAP24D-default" config platform set type 24D end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end next edit "FAP21D-default" config platform set type 21D end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end next edit "FK214B-default" config platform set type 214B end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end next edit "FAP224D-default" config platform set type 224D end set handoff-sta-thresh 30 config radio-1 set band 802.11n-5G end config radio-2 set band 802.11n,g-only end next edit "FAP222C-default" config platform set type 222C end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP25D-default" config platform set type 25D end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end next edit "FAP221C-default" config platform set type 221C end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP320C-default" config platform set type 320C end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP28C-default" config platform set type 28C end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end next edit "FAP223B-default" config platform set type 223B end set handoff-sta-thresh 30 config radio-1 set band 802.11n-5G end config radio-2 set band 802.11n,g-only end next edit "FAP14C-default" config platform set type 14C end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end next edit "FAP11C-default" config platform set type 11C end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end next edit "FAP320B-default" config platform set type 320B end set handoff-sta-thresh 30 config radio-1 set band 802.11n-5G end config radio-2 set band 802.11n,g-only end next edit "FAP112B-default" config platform set type 112B end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end next edit "FAP222B-default" config platform set type 222B end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11n-5G end next edit "FAP210B-default" config platform set type 210B end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end next edit "FAP220B-default" set handoff-sta-thresh 30 config radio-1 set band 802.11n-5G end config radio-2 set band 802.11n,g-only end next edit "AP-11N-default" config platform set type AP-11N end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end next end config log memory setting set status enable end config log null-device setting set status disable end config system mac-address-table edit 00:00:5e:00:01:01 set interface "wan1" next end config router static edit 1 next end config router static6 edit 1 next end end config vdom edit MGMT config system object-tagging edit "default" next end config system settings set inspection-mode flow end config system replacemsg-group edit "default" set comment "Default replacement message group." next end config firewall address edit "none" set uuid 0278b92c-24b8-51e9-487e-4936a98070df set subnet 0.0.0.0 255.255.255.255 next edit "autoupdate.opera.com" set uuid 0278dc4a-24b8-51e9-e125-5374723d2fb9 set type fqdn set fqdn "autoupdate.opera.com" next edit "google-play" set uuid 027900f8-24b8-51e9-c943-4042a4680ed7 set type fqdn set fqdn "play.google.com" next edit "swscan.apple.com" set uuid 027922cc-24b8-51e9-d970-1fbe888229d3 set type fqdn set fqdn "swscan.apple.com" next edit "update.microsoft.com" set uuid 0279441e-24b8-51e9-234c-21f3889f5500 set type fqdn set fqdn "update.microsoft.com" next edit "SSLVPN_TUNNEL_ADDR1" set uuid 03dad2e6-24b8-51e9-e6e5-5244979f8464 set type iprange set associated-interface "ssl.MGMT" set start-ip 10.212.134.200 set end-ip 10.212.134.210 next edit "all" set uuid 03db2eb2-24b8-51e9-33ec-cf50267f79a3 next edit "FIREWALL_AUTH_PORTAL_ADDRESS" set uuid 03db3600-24b8-51e9-8daf-b7e40a74fdb4 set visibility disable next end config firewall multicast-address edit "all_hosts" set start-ip 224.0.0.1 set end-ip 224.0.0.1 next edit "all_routers" set start-ip 224.0.0.2 set end-ip 224.0.0.2 next edit "Bonjour" set start-ip 224.0.0.251 set end-ip 224.0.0.251 next edit "EIGRP" set start-ip 224.0.0.10 set end-ip 224.0.0.10 next edit "OSPF" set start-ip 224.0.0.5 set end-ip 224.0.0.6 next edit "all" set start-ip 224.0.0.0 set end-ip 239.255.255.255 next end config firewall address6 edit "all" set uuid 02796822-24b8-51e9-468c-1f00654d7075 next edit "none" set uuid 02798302-24b8-51e9-0ed7-ed512587a38d set ip6 ::/128 next edit "SSLVPN_TUNNEL_IPv6_ADDR1" set uuid 03dae01a-24b8-51e9-129c-40ae70b606b1 set ip6 fdff:ffff::/120 next end config firewall multicast-address6 edit "all" set ip6 ff00::/8 next end config firewall service category edit "General" set comment "General services." next edit "Web Access" set comment "Web access." next edit "File Access" set comment "File access." next edit "Email" set comment "Email services." next edit "Network Services" set comment "Network services." next edit "Authentication" set comment "Authentication service." next edit "Remote Access" set comment "Remote access." next edit "Tunneling" set comment "Tunneling service." next edit "VoIP, Messaging & Other Applications" set comment "VoIP, messaging, and other applications." next edit "Web Proxy" set comment "Explicit web proxy." next end config firewall service custom edit "ALL" set category "General" set protocol IP next edit "ALL_TCP" set category "General" set tcp-portrange 1-65535 next edit "ALL_UDP" set category "General" set udp-portrange 1-65535 next edit "ALL_ICMP" set category "General" set protocol ICMP unset icmptype next edit "ALL_ICMP6" set category "General" set protocol ICMP6 unset icmptype next edit "GRE" set category "Tunneling" set protocol IP set protocol-number 47 next edit "AH" set category "Tunneling" set protocol IP set protocol-number 51 next edit "ESP" set category "Tunneling" set protocol IP set protocol-number 50 next edit "AOL" set visibility disable set tcp-portrange 5190-5194 next edit "BGP" set category "Network Services" set tcp-portrange 179 next edit "DHCP" set category "Network Services" set udp-portrange 67-68 next edit "DNS" set category "Network Services" set tcp-portrange 53 set udp-portrange 53 next edit "FINGER" set visibility disable set tcp-portrange 79 next edit "FTP" set category "File Access" set tcp-portrange 21 next edit "FTP_GET" set category "File Access" set tcp-portrange 21 next edit "FTP_PUT" set category "File Access" set tcp-portrange 21 next edit "GOPHER" set visibility disable set tcp-portrange 70 next edit "H323" set category "VoIP, Messaging & Other Applications" set tcp-portrange 1720 1503 set udp-portrange 1719 next edit "HTTP" set category "Web Access" set tcp-portrange 80 next edit "HTTPS" set category "Web Access" set tcp-portrange 443 next edit "IKE" set category "Tunneling" set udp-portrange 500 4500 next edit "IMAP" set category "Email" set tcp-portrange 143 next edit "IMAPS" set category "Email" set tcp-portrange 993 next edit "Internet-Locator-Service" set visibility disable set tcp-portrange 389 next edit "IRC" set category "VoIP, Messaging & Other Applications" set tcp-portrange 6660-6669 next edit "L2TP" set category "Tunneling" set tcp-portrange 1701 set udp-portrange 1701 next edit "LDAP" set category "Authentication" set tcp-portrange 389 next edit "NetMeeting" set visibility disable set tcp-portrange 1720 next edit "NFS" set category "File Access" set tcp-portrange 111 2049 set udp-portrange 111 2049 next edit "NNTP" set visibility disable set tcp-portrange 119 next edit "NTP" set category "Network Services" set tcp-portrange 123 set udp-portrange 123 next edit "OSPF" set category "Network Services" set protocol IP set protocol-number 89 next edit "PC-Anywhere" set category "Remote Access" set tcp-portrange 5631 set udp-portrange 5632 next edit "PING" set category "Network Services" set protocol ICMP set icmptype 8 unset icmpcode next edit "TIMESTAMP" set protocol ICMP set visibility disable set icmptype 13 unset icmpcode next edit "INFO_REQUEST" set protocol ICMP set visibility disable set icmptype 15 unset icmpcode next edit "INFO_ADDRESS" set protocol ICMP set visibility disable set icmptype 17 unset icmpcode next edit "ONC-RPC" set category "Remote Access" set tcp-portrange 111 set udp-portrange 111 next edit "DCE-RPC" set category "Remote Access" set tcp-portrange 135 set udp-portrange 135 next edit "POP3" set category "Email" set tcp-portrange 110 next edit "POP3S" set category "Email" set tcp-portrange 995 next edit "PPTP" set category "Tunneling" set tcp-portrange 1723 next edit "QUAKE" set visibility disable set udp-portrange 26000 27000 27910 27960 next edit "RAUDIO" set visibility disable set udp-portrange 7070 next edit "REXEC" set visibility disable set tcp-portrange 512 next edit "RIP" set category "Network Services" set udp-portrange 520 next edit "RLOGIN" set visibility disable set tcp-portrange 513:512-1023 next edit "RSH" set visibility disable set tcp-portrange 514:512-1023 next edit "SCCP" set category "VoIP, Messaging & Other Applications" set tcp-portrange 2000 next edit "SIP" set category "VoIP, Messaging & Other Applications" set tcp-portrange 5060 set udp-portrange 5060 next edit "SIP-MSNmessenger" set category "VoIP, Messaging & Other Applications" set tcp-portrange 1863 next edit "SAMBA" set category "File Access" set tcp-portrange 139 next edit "SMTP" set category "Email" set tcp-portrange 25 next edit "SMTPS" set category "Email" set tcp-portrange 465 next edit "SNMP" set category "Network Services" set tcp-portrange 161-162 set udp-portrange 161-162 next edit "SSH" set category "Remote Access" set tcp-portrange 22 next edit "SYSLOG" set category "Network Services" set udp-portrange 514 next edit "TALK" set visibility disable set udp-portrange 517-518 next edit "TELNET" set category "Remote Access" set tcp-portrange 23 next edit "TFTP" set category "File Access" set udp-portrange 69 next edit "MGCP" set visibility disable set udp-portrange 2427 2727 next edit "UUCP" set visibility disable set tcp-portrange 540 next edit "VDOLIVE" set visibility disable set tcp-portrange 7000-7010 next edit "WAIS" set visibility disable set tcp-portrange 210 next edit "WINFRAME" set visibility disable set tcp-portrange 1494 2598 next edit "X-WINDOWS" set category "Remote Access" set tcp-portrange 6000-6063 next edit "PING6" set protocol ICMP6 set visibility disable set icmptype 128 unset icmpcode next edit "MS-SQL" set category "VoIP, Messaging & Other Applications" set tcp-portrange 1433 1434 next edit "MYSQL" set category "VoIP, Messaging & Other Applications" set tcp-portrange 3306 next edit "RDP" set category "Remote Access" set tcp-portrange 3389 next edit "VNC" set category "Remote Access" set tcp-portrange 5900 next edit "DHCP6" set category "Network Services" set udp-portrange 546 547 next edit "SQUID" set category "Tunneling" set tcp-portrange 3128 next edit "SOCKS" set category "Tunneling" set tcp-portrange 1080 set udp-portrange 1080 next edit "WINS" set category "Remote Access" set tcp-portrange 1512 set udp-portrange 1512 next edit "RADIUS" set category "Authentication" set udp-portrange 1812 1813 next edit "RADIUS-OLD" set visibility disable set udp-portrange 1645 1646 next edit "CVSPSERVER" set visibility disable set tcp-portrange 2401 set udp-portrange 2401 next edit "AFS3" set category "File Access" set tcp-portrange 7000-7009 set udp-portrange 7000-7009 next edit "TRACEROUTE" set category "Network Services" set udp-portrange 33434-33535 next edit "RTSP" set category "VoIP, Messaging & Other Applications" set tcp-portrange 554 7070 8554 set udp-portrange 554 next edit "MMS" set visibility disable set tcp-portrange 1755 set udp-portrange 1024-5000 next edit "KERBEROS" set category "Authentication" set tcp-portrange 88 464 set udp-portrange 88 464 next edit "LDAP_UDP" set category "Authentication" set udp-portrange 389 next edit "SMB" set category "File Access" set tcp-portrange 445 next edit "NONE" set visibility disable set tcp-portrange 0 next edit "webproxy" set proxy enable set category "Web Proxy" set protocol ALL set tcp-portrange 0-65535:0-65535 next end config firewall service group edit "Email Access" set member "DNS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMTPS" next edit "Web Access" set member "DNS" "HTTP" "HTTPS" next edit "Windows AD" set member "DCE-RPC" "DNS" "KERBEROS" "LDAP" "LDAP_UDP" "SAMBA" "SMB" next edit "Exchange Server" set member "DCE-RPC" "DNS" "HTTPS" next end config webfilter ftgd-local-cat edit "custom1" set id 140 next edit "custom2" set id 141 next end config firewall shaper traffic-shaper edit "high-priority" set maximum-bandwidth 1048576 set per-policy enable next edit "medium-priority" set maximum-bandwidth 1048576 set priority medium set per-policy enable next edit "low-priority" set maximum-bandwidth 1048576 set priority low set per-policy enable next edit "guarantee-100kbps" set guaranteed-bandwidth 100 set maximum-bandwidth 1048576 set per-policy enable next edit "shared-1M-pipe" set maximum-bandwidth 1024 next end config web-proxy global set proxy-fqdn "default.fqdn" end config dlp filepattern edit 1 set name "builtin-patterns" config entries edit "*.bat" next edit "*.com" next edit "*.dll" next edit "*.doc" next edit "*.exe" next edit "*.gz" next edit "*.hta" next edit "*.ppt" next edit "*.rar" next edit "*.scr" next edit "*.tar" next edit "*.tgz" next edit "*.vb?" next edit "*.wps" next edit "*.xl?" next edit "*.zip" next edit "*.pif" next edit "*.cpl" next end next edit 2 set name "all_executables" config entries edit "bat" set filter-type type set file-type bat next edit "exe" set filter-type type set file-type exe next edit "elf" set filter-type type set file-type elf next edit "hta" set filter-type type set file-type hta next end next end config dlp fp-sensitivity edit "Private" next edit "Critical" next edit "Warning" next end config webfilter ips-urlfilter-setting end config webfilter ips-urlfilter-setting6 end config log threat-weight config web edit 1 set category 26 set level high next edit 2 set category 61 set level high next edit 3 set category 86 set level high next edit 4 set category 1 set level medium next edit 5 set category 3 set level medium next edit 6 set category 4 set level medium next edit 7 set category 5 set level medium next edit 8 set category 6 set level medium next edit 9 set category 12 set level medium next edit 10 set category 59 set level medium next edit 11 set category 62 set level medium next edit 12 set category 83 set level medium next edit 13 set category 72 next edit 14 set category 14 next end config application edit 1 set category 2 next edit 2 set category 6 set level medium next end end config icap profile edit "default" next end config vpn certificate ca end config vpn certificate local edit "Fortinet_CA_SSL" set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates." set range global set source factory set last-updated 1548870834 next edit "Fortinet_CA_Untrusted" set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates." set range global set source factory set last-updated 1548870834 next edit "Fortinet_SSL" set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set range global set source factory set last-updated 1548870834 next edit "Fortinet_SSL_RSA1024" set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set range global set source factory set last-updated 1548870834 next edit "Fortinet_SSL_RSA2048" set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set range global set source factory set last-updated 1548870834 next edit "Fortinet_SSL_DSA1024" set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set range global set source factory set last-updated 1548870834 next edit "Fortinet_SSL_DSA2048" set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set range global set source factory set last-updated 1548870834 next edit "Fortinet_SSL_ECDSA256" set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set range global set source factory set last-updated 1548870834 next edit "Fortinet_SSL_ECDSA384" set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set range global set source factory set last-updated 1548870834 next end config user setting set auth-cert "Fortinet_Factory" end config user group edit "SSO_Guest_Users" next end config user device-group edit "Mobile Devices" set member "android-phone" "android-tablet" "blackberry-phone" "blackberry-playbook" "ipad" "iphone" "windows-phone" "windows-tablet" set comment "Phones, tablets, etc." next edit "Network Devices" set member "fortinet-device" "other-network-device" "router-nat-device" set comment "Routers, firewalls, gateways, etc." next edit "Others" set member "gaming-console" "media-streaming" set comment "Other devices." next end config vpn ssl web host-check-software edit "FortiClient-AV" set guid "C86EC76D-5A4C-40E7-BD94-59358E544D81" next edit "FortiClient-FW" set type fw set guid "528CB157-D384-4593-AAAA-E42DFF111CED" next edit "FortiClient-AV-Vista" set guid "385618A6-2256-708E-3FB9-7E98B93F91F9" next edit "FortiClient-FW-Vista" set type fw set guid "006D9983-6839-71D6-14E6-D7AD47ECD682" next edit "FortiClient-AV-Win7" set guid "71629DC5-BE6F-CCD3-C5A5-014980643264" next edit "AVG-Internet-Security-AV" set guid "17DDD097-36FF-435F-9E1B-52D74245D6BF" next edit "AVG-Internet-Security-FW" set type fw set guid "8DECF618-9569-4340-B34A-D78D28969B66" next edit "AVG-Internet-Security-AV-Vista-Win7" set guid "0C939084-9E57-CBDB-EA61-0B0C7F62AF82" next edit "AVG-Internet-Security-FW-Vista-Win7" set type fw set guid "34A811A1-D438-CA83-C13E-A23981B1E8F9" next edit "CA-Anti-Virus" set guid "17CFD1EA-56CF-40B5-A06B-BD3A27397C93" next edit "CA-Internet-Security-AV" set guid "6B98D35F-BB76-41C0-876B-A50645ED099A" next edit "CA-Internet-Security-FW" set type fw set guid "38102F93-1B6E-4922-90E1-A35D8DC6DAA3" next edit "CA-Internet-Security-AV-Vista-Win7" set guid "3EED0195-0A4B-4EF3-CC4F-4F401BDC245F" next edit "CA-Internet-Security-FW-Vista-Win7" set type fw set guid "06D680B0-4024-4FAB-E710-E675E50F6324" next edit "CA-Personal-Firewall" set type fw set guid "14CB4B80-8E52-45EA-905E-67C1267B4160" next edit "F-Secure-Internet-Security-AV" set guid "E7512ED5-4245-4B4D-AF3A-382D3F313F15" next edit "F-Secure-Internet-Security-FW" set type fw set guid "D4747503-0346-49EB-9262-997542F79BF4" next edit "F-Secure-Internet-Security-AV-Vista-Win7" set guid "15414183-282E-D62C-CA37-EF24860A2F17" next edit "F-Secure-Internet-Security-FW-Vista-Win7" set type fw set guid "2D7AC0A6-6241-D774-E168-461178D9686C" next edit "Kaspersky-AV" set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0" next edit "Kaspersky-FW" set type fw set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0" next edit "Kaspersky-AV-Vista-Win7" set guid "AE1D740B-8F0F-D137-211D-873D44B3F4AE" next edit "Kaspersky-FW-Vista-Win7" set type fw set guid "9626F52E-C560-D06F-0A42-2E08BA60B3D5" next edit "McAfee-Internet-Security-Suite-AV" set guid "84B5EE75-6421-4CDE-A33A-DD43BA9FAD83" next edit "McAfee-Internet-Security-Suite-FW" set type fw set guid "94894B63-8C7F-4050-BDA4-813CA00DA3E8" next edit "McAfee-Internet-Security-Suite-AV-Vista-Win7" set guid "86355677-4064-3EA7-ABB3-1B136EB04637" next edit "McAfee-Internet-Security-Suite-FW-Vista-Win7" set type fw set guid "BE0ED752-0A0B-3FFF-80EC-B2269063014C" next edit "McAfee-Virus-Scan-Enterprise" set guid "918A2B0B-2C60-4016-A4AB-E868DEABF7F0" next edit "Norton-360-2.0-AV" set guid "A5F1BC7C-EA33-4247-961C-0217208396C4" next edit "Norton-360-2.0-FW" set type fw set guid "371C0A40-5A0C-4AD2-A6E5-69C02037FBF3" next edit "Norton-360-3.0-AV" set guid "E10A9785-9598-4754-B552-92431C1C35F8" next edit "Norton-360-3.0-FW" set type fw set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220" next edit "Norton-Internet-Security-AV" set guid "E10A9785-9598-4754-B552-92431C1C35F8" next edit "Norton-Internet-Security-FW" set type fw set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220" next edit "Norton-Internet-Security-AV-Vista-Win7" set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855" next edit "Norton-Internet-Security-FW-Vista-Win7" set type fw set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E" next edit "Symantec-Endpoint-Protection-AV" set guid "FB06448E-52B8-493A-90F3-E43226D3305C" next edit "Symantec-Endpoint-Protection-FW" set type fw set guid "BE898FE3-CD0B-4014-85A9-03DB9923DDB6" next edit "Symantec-Endpoint-Protection-AV-Vista-Win7" set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855" next edit "Symantec-Endpoint-Protection-FW-Vista-Win7" set type fw set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E" next edit "Panda-Antivirus+Firewall-2008-AV" set guid "EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A" next edit "Panda-Antivirus+Firewall-2008-FW" set type fw set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8" next edit "Panda-Internet-Security-AV" set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0" next edit "Panda-Internet-Security-2006~2007-FW" set type fw set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0" next edit "Panda-Internet-Security-2008~2009-FW" set type fw set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8" next edit "Sophos-Anti-Virus" set guid "3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD" next edit "Sophos-Enpoint-Secuirty-and-Control-FW" set type fw set guid "0786E95E-326A-4524-9691-41EF88FB52EA" next edit "Sophos-Enpoint-Secuirty-and-Control-AV-Vista-Win7" set guid "479CCF92-4960-B3E0-7373-BF453B467D2C" next edit "Sophos-Enpoint-Secuirty-and-Control-FW-Vista-Win7" set type fw set guid "7FA74EB7-030F-B2B8-582C-1670C5953A57" next edit "Trend-Micro-AV" set guid "7D2296BC-32CC-4519-917E-52E652474AF5" next edit "Trend-Micro-FW" set type fw set guid "3E790E9E-6A5D-4303-A7F9-185EC20F3EB6" next edit "Trend-Micro-AV-Vista-Win7" set guid "48929DFC-7A52-A34F-8351-C4DBEDBD9C50" next edit "Trend-Micro-FW-Vista-Win7" set type fw set guid "70A91CD9-303D-A217-A80E-6DEE136EDB2B" next edit "ZoneAlarm-AV" set guid "5D467B10-818C-4CAB-9FF7-6893B5B8F3CF" next edit "ZoneAlarm-FW" set type fw set guid "829BDA32-94B3-44F4-8446-F8FCFF809F8B" next edit "ZoneAlarm-AV-Vista-Win7" set guid "D61596DF-D219-341C-49B3-AD30538CBC5B" next edit "ZoneAlarm-FW-Vista-Win7" set type fw set guid "EE2E17FA-9876-3544-62EC-0405AD5FFB20" next edit "ESET-Smart-Security-AV" set guid "19259FAE-8396-A113-46DB-15B0E7DFA289" next edit "ESET-Smart-Security-FW" set type fw set guid "211E1E8B-C9F9-A04B-6D84-BC85190CE5F2" next end config vpn ssl web portal edit "full-access" set tunnel-mode enable set ipv6-tunnel-mode enable set web-mode enable set ip-pools "SSLVPN_TUNNEL_ADDR1" set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1" next edit "web-access" set web-mode enable next edit "tunnel-access" set tunnel-mode enable set ipv6-tunnel-mode enable set ip-pools "SSLVPN_TUNNEL_ADDR1" set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1" next end config vpn ssl settings set servercert "Fortinet_Factory" set port 443 end config voip profile edit "default" set comment "Default VoIP profile." next edit "strict" config sip set malformed-request-line discard set malformed-header-via discard set malformed-header-from discard set malformed-header-to discard set malformed-header-call-id discard set malformed-header-cseq discard set malformed-header-rack discard set malformed-header-rseq discard set malformed-header-contact discard set malformed-header-record-route discard set malformed-header-route discard set malformed-header-expires discard set malformed-header-content-type discard set malformed-header-content-length discard set malformed-header-max-forwards discard set malformed-header-allow discard set malformed-header-p-asserted-identity discard set malformed-header-sdp-v discard set malformed-header-sdp-o discard set malformed-header-sdp-s discard set malformed-header-sdp-i discard set malformed-header-sdp-c discard set malformed-header-sdp-b discard set malformed-header-sdp-z discard set malformed-header-sdp-k discard set malformed-header-sdp-a discard set malformed-header-sdp-t discard set malformed-header-sdp-r discard set malformed-header-sdp-m discard end next end config webfilter search-engine edit "google" set hostname ".*\\.google\\..*" set url "^\\/((custom|search|images|videosearch|webhp)\\?)" set query "q=" set safesearch url set safesearch-str "&safe=active" next edit "yahoo" set hostname ".*\\.yahoo\\..*" set url "^\\/search(\\/video|\\/images){0,1}(\\?|;)" set query "p=" set safesearch url set safesearch-str "&vm=r" next edit "bing" set hostname ".*\\.bing\\..*" set url "^(\\/images|\\/videos)?(\\/search|\\/async|\\/asyncv2)\\?" set query "q=" set safesearch header next edit "yandex" set hostname "yandex\\..*" set url "^\\/((yand|images\\/|video\\/)(search)|search\\/)\\?" set query "text=" set safesearch url set safesearch-str "&family=yes" next edit "youtube" set hostname ".*youtube.*" set safesearch header next edit "baidu" set hostname ".*\\.baidu\\.com" set url "^\\/s?\\?" set query "wd=" next edit "baidu2" set hostname ".*\\.baidu\\.com" set url "^\\/(ns|q|m|i|v)\\?" set query "word=" next edit "baidu3" set hostname "tieba\\.baidu\\.com" set url "^\\/f\\?" set query "kw=" next end config dnsfilter profile edit "default" set comment "Default dns filtering." config ftgd-dns config filters edit 1 set category 2 next edit 2 set category 7 next edit 3 set category 8 next edit 4 set category 9 next edit 5 set category 11 next edit 6 set category 12 next edit 7 set category 13 next edit 8 set category 14 next edit 9 set category 15 next edit 10 set category 16 next edit 11 next edit 12 set category 57 next edit 13 set category 63 next edit 14 set category 64 next edit 15 set category 65 next edit 16 set category 66 next edit 17 set category 67 next edit 18 set category 26 set action block next edit 19 set category 61 set action block next edit 20 set category 86 set action block next edit 21 set category 88 set action block next edit 22 set category 90 set action block next edit 23 set category 91 set action block next end end set block-botnet enable next end config spamfilter profile edit "default" set comment "Malware and phishing URL filtering." next edit "sniffer-profile" set comment "Malware and phishing URL monitoring." set flow-based enable next end config firewall schedule recurring edit "always" set day sunday monday tuesday wednesday thursday friday saturday next edit "none" next end config firewall profile-protocol-options edit "default" set comment "All default services." config http set ports 80 unset options unset post-lang end config ftp set ports 21 set options splice end config imap set ports 143 set options fragmail end config mapi set ports 135 set options fragmail end config pop3 set ports 110 set options fragmail end config smtp set ports 25 set options fragmail splice end config nntp set ports 119 set options splice end config dns set ports 53 end next end config firewall ssl-ssh-profile edit "certificate-inspection" set comment "Read-only SSL handshake inspection profile." config https set ports 443 set status certificate-inspection end config ftps set status disable end config imaps set status disable end config pop3s set status disable end config smtps set status disable end config ssh set ports 22 set status disable end next edit "deep-inspection" set comment "Read-only deep inspection profile." config https set ports 443 end config ftps set ports 990 end config imaps set ports 993 end config pop3s set ports 995 end config smtps set ports 465 end config ssh set ports 22 end config ssl-exempt edit 1 set fortiguard-category 31 next edit 2 set fortiguard-category 33 next edit 3 set type address set address "google-play" next edit 4 set type address set address "update.microsoft.com" next edit 5 set type address set address "swscan.apple.com" next edit 6 set type address set address "autoupdate.opera.com" next edit 7 set type wildcard-fqdn set wildcard-fqdn "g-android" next edit 8 set type wildcard-fqdn set wildcard-fqdn "g-apple" next edit 9 set type wildcard-fqdn set wildcard-fqdn "g-appstore" next edit 10 set type wildcard-fqdn set wildcard-fqdn "g-citrix" next edit 11 set type wildcard-fqdn set wildcard-fqdn "g-eease" next edit 12 set type wildcard-fqdn set wildcard-fqdn "g-google-drive" next edit 13 set type wildcard-fqdn set wildcard-fqdn "g-google-play2" next edit 14 set type wildcard-fqdn set wildcard-fqdn "g-google-play3" next edit 15 set type wildcard-fqdn set wildcard-fqdn "g-Gotomeeting" next edit 16 set type wildcard-fqdn set wildcard-fqdn "g-microsoft" next edit 17 set type wildcard-fqdn set wildcard-fqdn "g-adobe" next edit 18 set type wildcard-fqdn set wildcard-fqdn "g-Adobe Login" next edit 19 set type wildcard-fqdn set wildcard-fqdn "g-dropbox.com" next edit 20 set type wildcard-fqdn set wildcard-fqdn "g-fortinet" next edit 21 set type wildcard-fqdn set wildcard-fqdn "g-googleapis.com" next edit 22 set type wildcard-fqdn set wildcard-fqdn "g-icloud" next edit 23 set type wildcard-fqdn set wildcard-fqdn "g-itunes" next edit 24 set type wildcard-fqdn set wildcard-fqdn "g-skype" next edit 25 set type wildcard-fqdn set wildcard-fqdn "g-verisign" next edit 26 set type wildcard-fqdn set wildcard-fqdn "g-Windows update 2" next edit 27 set type wildcard-fqdn set wildcard-fqdn "g-auth.gfx.ms" next edit 28 set type wildcard-fqdn set wildcard-fqdn "g-softwareupdate.vmware.com" next edit 29 set type wildcard-fqdn set wildcard-fqdn "g-firefox update server" next edit 30 set type wildcard-fqdn set wildcard-fqdn "g-live.com" next end next edit "custom-deep-inspection" set comment "Customizable deep inspection profile." config https set ports 443 end config ftps set ports 990 end config imaps set ports 993 end config pop3s set ports 995 end config smtps set ports 465 end config ssh set ports 22 end config ssl-exempt edit 1 set fortiguard-category 31 next edit 2 set fortiguard-category 33 next edit 3 set type address set address "google-play" next edit 4 set type address set address "update.microsoft.com" next edit 5 set type address set address "swscan.apple.com" next edit 6 set type address set address "autoupdate.opera.com" next edit 7 set type wildcard-fqdn set wildcard-fqdn "g-android" next edit 8 set type wildcard-fqdn set wildcard-fqdn "g-apple" next edit 9 set type wildcard-fqdn set wildcard-fqdn "g-appstore" next edit 10 set type wildcard-fqdn set wildcard-fqdn "g-citrix" next edit 11 set type wildcard-fqdn set wildcard-fqdn "g-eease" next edit 12 set type wildcard-fqdn set wildcard-fqdn "g-google-drive" next edit 13 set type wildcard-fqdn set wildcard-fqdn "g-google-play2" next edit 14 set type wildcard-fqdn set wildcard-fqdn "g-google-play3" next edit 15 set type wildcard-fqdn set wildcard-fqdn "g-Gotomeeting" next edit 16 set type wildcard-fqdn set wildcard-fqdn "g-microsoft" next edit 17 set type wildcard-fqdn set wildcard-fqdn "g-adobe" next edit 18 set type wildcard-fqdn set wildcard-fqdn "g-Adobe Login" next edit 19 set type wildcard-fqdn set wildcard-fqdn "g-dropbox.com" next edit 20 set type wildcard-fqdn set wildcard-fqdn "g-fortinet" next edit 21 set type wildcard-fqdn set wildcard-fqdn "g-googleapis.com" next edit 22 set type wildcard-fqdn set wildcard-fqdn "g-icloud" next edit 23 set type wildcard-fqdn set wildcard-fqdn "g-itunes" next edit 24 set type wildcard-fqdn set wildcard-fqdn "g-skype" next edit 25 set type wildcard-fqdn set wildcard-fqdn "g-verisign" next edit 26 set type wildcard-fqdn set wildcard-fqdn "g-Windows update 2" next edit 27 set type wildcard-fqdn set wildcard-fqdn "g-auth.gfx.ms" next edit 28 set type wildcard-fqdn set wildcard-fqdn "g-softwareupdate.vmware.com" next edit 29 set type wildcard-fqdn set wildcard-fqdn "g-firefox update server" next edit 30 set type wildcard-fqdn set wildcard-fqdn "g-live.com" next end next end config waf profile edit "default" config signature config main-class 100000000 set action block set severity high end config main-class 20000000 end config main-class 30000000 set status enable set action block set severity high end config main-class 40000000 end config main-class 50000000 set status enable set action block set severity high end config main-class 60000000 end config main-class 70000000 set status enable set action block set severity high end config main-class 80000000 set status enable set severity low end config main-class 110000000 set status enable set severity high end config main-class 90000000 set status enable set action block set severity high end set disabled-signature 80080005 80200001 60030001 60120001 80080003 90410001 90410002 end config constraint config header-length set status enable set log enable set severity low end config content-length set status enable set log enable set severity low end config param-length set status enable set log enable set severity low end config line-length set status enable set log enable set severity low end config url-param-length set status enable set log enable set severity low end config version set log enable end config method set action block set log enable end config hostname set action block set log enable end config malformed set log enable end config max-cookie set status enable set log enable set severity low end config max-header-line set status enable set log enable set severity low end config max-url-param set status enable set log enable set severity low end config max-range-segment set status enable set log enable set severity high end end next end config firewall ssh setting set caname "g-Fortinet_SSH_CA" set untrusted-caname "g-Fortinet_SSH_CA_Untrusted" set hostkey-rsa2048 "g-Fortinet_SSH_RSA2048" set hostkey-dsa1024 "g-Fortinet_SSH_DSA1024" set hostkey-ecdsa256 "g-Fortinet_SSH_ECDSA256" set hostkey-ecdsa384 "g-Fortinet_SSH_ECDSA384" set hostkey-ecdsa521 "g-Fortinet_SSH_ECDSA521" set hostkey-ed25519 "g-Fortinet_SSH_ED25519" end config switch-controller switch-profile edit "default" next end config endpoint-control profile edit "default" config forticlient-winmac-settings end config forticlient-android-settings end config forticlient-ios-settings end next end config wireless-controller wids-profile edit "default" set comment "Default WIDS profile." set ap-scan enable set wireless-bridge enable set deauth-broadcast enable set null-ssid-probe-resp enable set long-duration-attack enable set invalid-mac-oui enable set weak-wep-iv enable set auth-frame-flood enable set assoc-frame-flood enable set spoofed-deauth enable set asleap-attack enable set eapol-start-flood enable set eapol-logoff-flood enable set eapol-succ-flood enable set eapol-fail-flood enable set eapol-pre-succ-flood enable set eapol-pre-fail-flood enable next edit "default-wids-apscan-enabled" set ap-scan enable next end config wireless-controller wtp-profile edit "FAPU323EV-default" config platform set type U323EV end set handoff-sta-thresh 30 config radio-1 set band 802.11n end config radio-2 set band 802.11ac end next edit "FAPU321EV-default" config platform set type U321EV end set handoff-sta-thresh 30 config radio-1 set band 802.11n end config radio-2 set band 802.11ac end next edit "FAPU24JEV-default" config platform set type U24JEV end set handoff-sta-thresh 30 config radio-1 set band 802.11n end config radio-2 set band 802.11ac end next edit "FAPU223EV-default" config platform set type U223EV end set handoff-sta-thresh 30 config radio-1 set band 802.11n end config radio-2 set band 802.11ac end next edit "FAPU221EV-default" config platform set type U221EV end set handoff-sta-thresh 30 config radio-1 set band 802.11n end config radio-2 set band 802.11ac end next edit "FAPU423E-default" config platform set type U423E end set handoff-sta-thresh 30 config radio-1 set band 802.11n end config radio-2 set band 802.11ac end next edit "FAPU422EV-default" config platform set type U422EV end set handoff-sta-thresh 30 config radio-1 set band 802.11n end config radio-2 set band 802.11ac end next edit "FAPU421E-default" config platform set type U421E end set handoff-sta-thresh 30 config radio-1 set band 802.11n end config radio-2 set band 802.11ac end next edit "FAPS223E-default" config platform set type S223E end set handoff-sta-thresh 55 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAPS221E-default" config platform set type S221E end set handoff-sta-thresh 55 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP224E-default" config platform set type 224E end set handoff-sta-thresh 55 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP223E-default" config platform set type 223E end set handoff-sta-thresh 55 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP222E-default" config platform set type 222E end set handoff-sta-thresh 55 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP221E-default" config platform set type 221E end set handoff-sta-thresh 55 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP423E-default" config platform set type 423E end set handoff-sta-thresh 55 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP421E-default" config platform set type 421E end set handoff-sta-thresh 55 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAPS423E-default" config platform set type S423E end set handoff-sta-thresh 55 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAPS422E-default" config platform set type S422E end set handoff-sta-thresh 55 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAPS421E-default" config platform set type S421E end set handoff-sta-thresh 55 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAPS323CR-default" config platform set type S323CR end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAPS322CR-default" config platform set type S322CR end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAPS321CR-default" config platform set type S321CR end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAPS313C-default" config platform set type S313C end set handoff-sta-thresh 30 config radio-1 set band 802.11ac end next edit "FAPS311C-default" config platform set type S311C end set handoff-sta-thresh 30 config radio-1 set band 802.11ac end next edit "FAPS323C-default" config platform set type S323C end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAPS322C-default" config platform set type S322C end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAPS321C-default" config platform set type S321C end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP321C-default" config platform set type 321C end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP223C-default" config platform set type 223C end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP112D-default" config platform set type 112D end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end next edit "FAP24D-default" config platform set type 24D end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end next edit "FAP21D-default" config platform set type 21D end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end next edit "FK214B-default" config platform set type 214B end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end next edit "FAP224D-default" config platform set type 224D end set handoff-sta-thresh 30 config radio-1 set band 802.11n-5G end config radio-2 set band 802.11n,g-only end next edit "FAP222C-default" config platform set type 222C end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP25D-default" config platform set type 25D end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end next edit "FAP221C-default" config platform set type 221C end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP320C-default" config platform set type 320C end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP28C-default" config platform set type 28C end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end next edit "FAP223B-default" config platform set type 223B end set handoff-sta-thresh 30 config radio-1 set band 802.11n-5G end config radio-2 set band 802.11n,g-only end next edit "FAP14C-default" config platform set type 14C end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end next edit "FAP11C-default" config platform set type 11C end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end next edit "FAP320B-default" config platform set type 320B end set handoff-sta-thresh 30 config radio-1 set band 802.11n-5G end config radio-2 set band 802.11n,g-only end next edit "FAP112B-default" config platform set type 112B end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end next edit "FAP222B-default" config platform set type 222B end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11n-5G end next edit "FAP210B-default" config platform set type 210B end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end next edit "FAP220B-default" set handoff-sta-thresh 30 config radio-1 set band 802.11n-5G end config radio-2 set band 802.11n,g-only end next edit "AP-11N-default" config platform set type AP-11N end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end next end config log memory setting set status enable end config log null-device setting set status disable end config router rip config redistribute "connected" end config redistribute "static" end config redistribute "ospf" end config redistribute "bgp" end config redistribute "isis" end end config router ripng config redistribute "connected" end config redistribute "static" end config redistribute "ospf" end config redistribute "bgp" end config redistribute "isis" end end config router static edit 1 set gateway 10.11.24.5 set device "lan1" next end config router ospf config redistribute "connected" end config redistribute "static" end config redistribute "rip" end config redistribute "bgp" end config redistribute "isis" end end config router ospf6 config redistribute "connected" end config redistribute "static" end config redistribute "rip" end config redistribute "bgp" end config redistribute "isis" end end config router bgp config redistribute "connected" end config redistribute "rip" end config redistribute "ospf" end config redistribute "static" end config redistribute "isis" end config redistribute6 "connected" end config redistribute6 "rip" end config redistribute6 "ospf" end config redistribute6 "static" end config redistribute6 "isis" end end config router isis config redistribute "connected" end config redistribute "rip" end config redistribute "ospf" end config redistribute "bgp" end config redistribute "static" end config redistribute6 "connected" end config redistribute6 "rip" end config redistribute6 "ospf" end config redistribute6 "bgp" end config redistribute6 "static" end end config router multicast end end
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1557 | |
1033 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.